Report: Developers need to stop brute force attacks by limiting sign-in attempts4
AppBugs found 53 mobile apps for iOS and Android that aren't protected from brute force attacks. This means that over 600 million iOS and Android users are at risk. Some of the popular apps that won't stop brute force attacks include iHeart Radio, Watch ESPN, Expedia, CNN, SoundCloud and Walmart just to name a few. A study conducted on 70 million passwords found that depending on how strong a particular password is, using a brute force attack can net a hacker the correct password in 30 minutes to 24 days. But that is based on the use of one computer. Hackers usually employ multiple computers which results in some pretty scary figures.
If you are concerned about the apps you are using now, not using the app or uninstalling them will not help since your information remains on the app's server. According to AppBugs, you should disable any apps that are open to brute force attacks. You might have to contact the developer since there are different methods to disable each app. There is another thing that you can do, and that is to make your password harder to discover by using more than 20 characters to create it. That won't eliminate the threat from a brute force attack since your password can be eventually discovered anyway. But by using over 20 characters to create your password, you are buying some time since it will take longer for the correct combination to be found.
Ultimately, if enough consumers complain, developers might be concerned enough to limit the number of sign-in attempts, or use a two-step verification process that will prevent brute force from stealing passwords.
source: AppBug via RedmondPie