The Pokemon Go augmented reality app in has broken all mobile gaming records with more than 75 million installs across Apple and Google platforms globally.
According to CloudLock, this phenomenon has sent users out of their homes and offices to participate in the game, where they are spending more time than they do browsing Facebook, Snapchat, Twitter or Instagram.
In its second quarter Cloud Cybersecurity Report, CloudLock CyberLab focused on the accelerating growth of connected third-party cloud apps, surfacing one of the riskiest cloud attack vectors.
The report identified 150,000+ unique apps connecting to corporate cloud environments, a number that increased by 30 times in the last two years alone.
Findings show that 27% of connected third party apps are of high or very high risk and they need immediate attention from corporate security teams.
CloudLock said that because the app is so popular and continuing to gain momentum, organizations should take action immediately. Implementing a high-level strategy as well as a specific Application Use Policy that outlines how they will whitelist or ban applications is critical.
CloudLock found that employees are granting access to corporate environments, despite these warnings, and are opening backdoors to their organization's most sensitive databases via the app—information that can easily be exploited by cybercriminals.
Pokémon Go is authorized to act on behalf of the user through an OAuth connection.
When launched, this OAuth connection allowed the app, and by extension the vendor, Nintendo to views, edits, collects or deletes anything related to the user’s Google account; send emails, analyze navigation history, and exfiltrate and externalize user’s data through programmatic API access; and collect personal data alongside geotagging functionality and camera access.
Findings show that 44% of all organizations have employees who granted access to Pokemon Go using their corporate credentials.