Target just can’t seem to catch a break when it comes to the holiday season. After the company’s huge data breach at the end of 2013, which compromised the personal information of over 100 million consumers, another security flaw has been found this year.
Although smaller in scope, consumers who have used Target’s wish list mobile app may have had some of their personal information put in jeopardy, including their addresses, phone numbers, email addresses, and shopping registries.
The flaw was found by researchers at the Avast security firm. They determined that the mobile app’s Application Program Interface (API) was very easy to access over the Internet. Because of this, anyone who is able to determine how a user ID is generated can gain access to consumer files.
“If you created a Christmas wish list using the Target app, it might be accessible to more people than you want to actually receive gifts from,” said the researchers in a blog post. “The Target app keeps a database of users’ wish lists, names, addresses and email addresses. But your closest family and friends may not be the only ones who know you want a new suitcase for your upcoming cruise!”
Meanwhile, Target disabled portions of its wish list app on Tuesday until the problem could be resolved. “We apologize for any challenges guests may be facing while trying to access their registry. . . Our teams are working diligently overnight to resume full functionality,” said Molly Snyder, a Target communications manager.