Hardcoded Amazon Web Services credentials have been identified in 1,859 Android and iOS apps, 77% of which had valid AWS access tokens enabling private AWS cloud service access, according to The Hacker News. More than 50% of the apps also leveraged AWS tokens also found in other apps from other companies and developers, indicating a significant supply chain issue, a Broadcom report showed. "The AWS access tokens could be traced to a shared library, third-party SDK, or other shared component used in developing the apps," said researchers. Moreover, valid AWS tokens allowing complete private file and Amazon Simple Storage Service bucket access in the cloud were found in 47% of apps. The report showed that more than 15,000 medium-to-large-sized companies had their customers' private information exposed by an intranet and communications platform offered by an unspecified B2B company that had a mobile software development kit with integrated cloud infrastructure keys. Moreover, over 300,000 users of five iOS banking apps with the same AI Digital Identity SDK had their fingerprint data exposed, added researchers.