CBS Sports Fixes App/Website Vulnerabilities After Discovery by Security Firm
CBS Sports Digital fixed a vulnerability related to Android and iOS versions of its app that transferred users' names, email addresses, account passwords, birth dates and ZIP codes over an insecure connection, after a mobile security firm discovered the problem,…
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
a company spokeswoman said Tuesday. She said a vulnerability on the CBS Sports mobile website that transmitted users' email/user ID and passwords in clear text rather than being encrypted also was fixed. "There was no data breach on either the CBS Sports app or mobile site," the company emailed. "Our internal teams are rigorous about monitoring our platforms for any potential security issues. We take issue with outside companies publicizing the security operations of other firms for their own purposes rather than user protection." Mobile security company Wandera said in a threat advisory that it had discovered the vulnerabilities, which potentially exposed personally identifiable information when users signed up for an account. It said the CBS Sports app is one of the most popular sources for sports news. "Our researchers have identified that a significant amount of personal data is collected during the account registration process, and all these details are sent in clear text over an unencrypted connection to the app's backend services," the advisory said. Neither company said when the vulnerabilities were discovered or fixed.