Security vendor AppBugs is calling out mobile development firms that do not limit password attempts on their apps. If an app allows unlimited password guesses, it makes it possible for hackers to use lists of popular passwords to try to figure out users’ passwords. In fact, some believe it was support for unlimited password attempts that allowed hackers to steak celebrity photos from iCloud last year.
AppBugs says that dozens of apps that have more than 300 million downloads allow unlimited password attempts. It has contacted the developers about the problem, but CNN, ESPN, Slack, Expedia, Zillow, SoundCloud, Walmart, Songza, iHeartRadio, Domino’s Pizza, AutoCAD and Kobo haven’t fixed their apps despite having more than 90 days to do so.