Seeking Alpha Could Leak Stock Positions, Confidential Info Of Half A Million Users
Depending on whom one may ask, a trader's position book is either private or transparent.
Oil traders like to keep their positions hush-hush so as not to leak any signals to other traders. Equity traders and bond traders who divulge positions on TV or on Twitter may have an incentive to "talk their book" or promote a sentiment that would benefit their positions.
Stock trading website Seeking Alpha, known for in-depth analysis and an active community of traders, has the potential to accidentally leak the positions and information of 500,000 users.
An attacker in a privileged position on the target's network can trivially intercept, view, and modify communications between the Seeking Alpha mobile application and its associated web services, because the application relies on cleartext HTTP rather than HTTPS. HTTP is used for routine polling of the stock ticker symbols the user has configured, which may reveal overly personal financial information about the user that could be used in a targeted attack.
Until Seeking Alpha provides a fix for the mobile application, users are strongly advised to not use the application while connected to untrusted networks. The use of a VPN will also help alleviate the most likely risk of a nearby eavesdropper on a public network, but note that this would protect communication only as far as the VPN endpoint.
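The cleartext polling described above is something an app team can check for in its own test traffic. The following is an added example, not code from Seeking Alpha or from the original article: it takes request URLs recorded while proxying a mobile app on a test device and reports which ones went out over HTTP and which ticker symbols they exposed. The host names, parameter names and sample URLs are constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample: URLs recorded while proxying an app on a test device.
# Hosts and query parameter names are hypothetical, not the real service's.
CAPTURED = [
    "http://api.example.invalid/quotes?symbols=AAPL,TSLA,XOM",
    "https://api.example.invalid/login",
    "http://api.example.invalid/quotes?symbols=AAPL,GLD",
    "https://cdn.example.invalid/img/logo.png",
    "HTTP://api.example.invalid/portfolio/refresh?tickers=brk.b",
]

# Assumed names of parameters that carry the user's watch list.
SYMBOL_PARAMS = {"symbol", "symbols", "tickers"}


def audit(urls):
    """Return (cleartext_urls, exposed_symbols) for the recorded requests."""
    cleartext, exposed = [], set()
    for url in urls:
        parts = urlsplit(url)  # urlsplit normalises the scheme to lower case
        if parts.scheme != "http":
            continue  # HTTPS: path and query are encrypted on the wire
        cleartext.append(url)
        for name, values in parse_qs(parts.query).items():
            if name.lower() not in SYMBOL_PARAMS:
                continue
            for value in values:
                # Watch lists are assumed to be comma-separated symbols.
                exposed.update(
                    s.strip().upper() for s in value.split(",") if s.strip()
                )
    return cleartext, exposed


if __name__ == "__main__":
    cleartext, exposed = audit(CAPTURED)
    print(f"{len(cleartext)} of {len(CAPTURED)} requests sent over cleartext HTTP")
    for url in cleartext:
        print("  ", url)
    print("Symbols visible to anyone on the network path:", sorted(exposed))
```

A release gate can fail the build whenever the first list is non-empty, so that polling endpoints cannot ship without TLS.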
This is another reminder of how careful users must be when storing and tracking their trading information on social websites. Following the hack on SWIFT, the central bank message platform, this recent hiccup should remind people of the challenges that come with protecting financial information that is available on the Web.
© 2017 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.