Anonymous hackers have managed to take advantage of a flaw in the popular GIMKIT hack-proof messaging app to steal passwords and personal information for hundreds of thousands of users with the app, a security researcher told Fortune.
The bug was discovered by security researcher Joshua Seidl, who posted details about the bug in a blog post on Friday.
The vulnerability in GIMDKIT allows hackers to remotely gain access to accounts and data from users, which in turn allows them to log in to their accounts remotely.
Users who are already logged in to GIMKS accounts will not be able to log out of the app.
The flaw was discovered on June 15 by Seidling, who described his findings in a Medium post.
He posted a video of the vulnerability in action.
The company said the flaw was patched in March.
GIMSKIT has about 5 million users and accounts are shared by all users of the GIMKOIN messaging app.”GIMKITS users are the primary target of the flaw,” GIMKCERT, GIMKER, and GIMKEVKIT said in a joint statement.
“Users can easily lose their passwords if they are logged in.
Users with valid email addresses can recover their passwords in GimKITS, and users can also gain access by simply logging in to a GIMKA account with a valid email address.”
Users are advised to update their GIMKTKIT app version to 2.0.4.