The danger of 3rd party apps– Fake Windows Phone app steals thousands of passwords

347a7174-be2c-4a2a-8555-04602a6c2d75We love 3rd party Windows Phone apps which bring services to the OS which the companies themselves refuse to support.

It however comes with a major danger – that the app may be malicious, and even if it works, it may still be stealing your data.

Those concerns have just become a reality, as a Windows Phone app has been implicated in the leakage of thousands of passwords from the Dutch carrier Telfort.

The KPN subsidiary initially believed its website has been hacked after the passwords showed up on the internet, but the leak was eventually traced to the rogue Windows Phone app.

The app, Abonnement Status, promised to allow users to see their data and call usage and their last 3 statements, but was in fact harvesting users passwords.

"The My Telfort section was temporarily shut down as a preventative measure, after the company received a tip that customer details were listed on an external website… After an internal investigation, it was found the leak concerned information entered by customers into an external fraudulent app, downloaded from the Windows Store," Telfort’s parent company KPN said in a statement.

"The access to My Telfort was proactively blocked for the affected customers. These customers will each be contacted shortly to reinstate their access to the My Telfort environment. Microsoft has notified Telfort that it will remove the app from the store as soon as possible, since the scheme used by the app developers is a clear violation of the general terms and conditions of the Windows App Store." 

The same developer has created a similar app for KPN also.

The app has been unpublished, and Telfort is considering taking legal actions against the app’s creator,and reminded users never to use unofficial apps.

Does this story give our readers pause for thought next time an unofficial 3rd party app comes along? Let us know below.

Via De Gelderlander and