"Please be assured that we will make every effort to ensure this does not happen again," the DHS said in a statement.
The vulnerable GPS services are exposing location data, phone numbers, device model, IMEI numbers, photos and more.
While most apps seemed to be available on Google Play Store some were also spotted on Apple's App Store as well.
"When an IoT exploit becomes freely available, it hardly takes much time for threat actors to up their arsenal," NewSky Security warned.
The zero-day vulnerability is a local privilege escalation (LPE) flaw and can only be exploited when the attacker has local access to the targeted device.
The scam involved people being told that they had been named benefactors by an African royal and had to share their personal information to get the money.
The vulnerability shows how seemingly insignificant side-channels can exploited to infiltrate even strong smartphone security measures.
Users of the popular Chrome extension Archive Poster reported observing the change around the beginning of December.
Forever 21 has over 815 stores in 57 countries including the US, UK, Australia, China, India, Germany, Japan and Latin America.
UK-based Bitcoin exchange Exmo, took to Twitter to inform its users about having suffered a DDoS attack just days after one of its employees was kidnapped.
McAfee claims his Twitter account was used by unknown hackers to promote little-known cryptocurrencies.
The military cyber warfare unit is codenamed Force 47 and will sanitise "wrong viewpoints" emerging in the cyberspace.
"While these devices are never supposed to be exposed on the internet, we have shown that they can and will find their way directly on the internet," Trend Micro said.
Troy Hunt, security expert and creator of the data breach repository "HaveIBeenPwned.com" discovered the unsecured file and said the data was compromised in 2015.
The FBI reportedly purchased biometric data from a French firm, which contains code created by a Russian company with close ties to the Kremlin.