Mobile security firm AppBugs has recently released a report on a security vulnerability in certain iOS and Android apps. Because these apps allow anyone to make unlimited password guesses, real account holders may be in deep trouble. With this vulnerability to password cracking, hackers may be able to make their way into an account through brute force. The same password cracking issue is believed to be responsible for last year’s iCloud leaks of nude celebrity photos.
With this new discovery, as many as 600 million smartphone users are at risk of losing their online accounts. What’s even more surprising is the fact that most of these accounts are with some of the most popular apps in the world. It is important to note that these apps have garnered over 1 million downloads.
Among the 100 popular iOS and Android apps tested, AppBugs found that 53% were vulnerable to password cracking. In total, these vulnerable apps have been downloaded over 300 million times.
As soon as an attacker discovers that an app is vulnerable to brute force, they can keep making guesses until they finally crack the password and get into the account. Based on password statistics, attackers can guess passwords in as little as 30 minutes or as much as several weeks.
The mobile security company has already notified the affected apps, which were given 30 days' notice to fix the vulnerability before being publicly disclosed. As of this writing, a handful of affected names have been published, including Songza, WatchESPN, iHeartRadio, Zillow, SoundCloud, Walmart, Slack, Kobo, CNN, Expedia, AutoCAD 360, and Domino’s Pizza USA. The other vulnerable apps will be publicized on July 30 if they fail to make the necessary changes to protect their users from this password cracking vulnerability.