PSA. Don’t share your password in your app’s launch notes • Graham Cluley

PSA. Don't share your password in your app's release notes

Excited to look at the Guardians of the Galaxy Vol 3 on the cinema, or see what all of the fuss is round The Tremendous Mario Bros Film?

Perhaps you’ll leap onto your smartphone, and click on on the MyOdeon app to seek out out what movies are taking part in at your native flicks.

Oh! The OdeonUK app has simply been up to date… I’m wondering what new options it has?

Myodeon release notes
Launch notes for up to date model of MyOdeon app.

What’s New
Model 5.09.500

Up to date textual content
Added Delete operate to the app Click on on menu> then click on on my profile> click on on replace your particulars > Delete account> you get a delete warning > then click on sure
To check delete operate please use this login account and delete
E-mail: [email protected]
Password: Odeon1234!

Err… that appears awfully just like the credentials for a take a look at account, and – if I’m not very a lot mistaken – “Odeon1234!” is a extremely very dumb password certainly.

My guess is that this username and password combo was supposed to stay personal, and solely utilized by Odeon’s inner technical workers – fairly than shared with tons of of hundreds of film buffs.

EmailSignal as much as our publication
Safety information, recommendation, and suggestions.

Hopefully there’s no severe hurt executed by this, however all app builders ought to take care about what they submit of their launch notes – simply in case it by accident leaks any useful info to ne’er-do-wells.

Discovered this text attention-grabbing? Follow Graham Cluley on Twitter or Mastodon to learn extra of the unique content material we submit.


Graham Cluley is a veteran of the anti-virus trade having labored for plenty of safety firms for the reason that early Nineteen Nineties when he wrote the primary ever model of Dr Solomon’s Anti-Virus Toolkit for Home windows. Now an unbiased safety analyst, he frequently makes media appearances and is a world public speaker on the subject of pc safety, hackers, and on-line privateness.
Comply with him on Twitter at @gcluley, on Mastodon at @[email protected], or drop him an electronic mail.