Money Lover is a popular finance app that has been downloaded five million times on the Play Store, as well as being available for iOS and Windows. It allows users to create Shared wallets with other people, such as family members or coworkers, to log transactions and collaborate in expense tracking. However, a Trustwave analyst and Money Lover user, Troy Driver, found that the data and email addresses associated with shared wallets were exposed to any authenticated user of the app. This included email addresses, wallet names, and limited transaction data. After the issue was reported to the publisher of Money Lover, Finsify, they released a fixing update on January 27, 2023. It is important to note that this flaw only affected users who used the shared wallet feature, and the main consequence of this is that an attacker could use the exposed information to perform targeted phishing attacks. Therefore, Money Lover users are advised to update their app to the latest version available on their operating system's app store.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 08 Feb 2023 15:59:02 +0000