diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1cff07f89..8d5b79fe4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,6 +13,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Changed
 
+- Replaced `Math.random()` with `crypto.randomBytes()` for generating cryptographically secure random strings
 - Upgraded `ionicons` from version `7.1.0` to `7.3.0`
 - Upgraded `yahoo-finance2` from version `2.10.0` to `2.11.0`
 - Upgraded `zone.js` from version `0.14.3` to `0.14.4`
diff --git a/apps/api/src/app/user/user.service.ts b/apps/api/src/app/user/user.service.ts
index e20dea4af..8b7c88560 100644
--- a/apps/api/src/app/user/user.service.ts
+++ b/apps/api/src/app/user/user.service.ts
@@ -452,14 +452,15 @@ export class UserService {
   }
 
   private getRandomString(length: number) {
+    const bytes = crypto.randomBytes(length);
     const characters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
     const result = [];
 
     for (let i = 0; i < length; i++) {
-      result.push(
-        characters.charAt(Math.floor(Math.random() * characters.length))
-      );
+      const randomByte = bytes[i];
+      result.push(characters[randomByte % characters.length]);
     }
+
     return result.join('');
   }
 }
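Review bot: The new `randomByte % characters.length` in the loop body of `getRandomString` is modulo-biased: 256 is not a multiple of 36, so the first four characters (`A`–`D`) are chosen with probability 8/256 and the rest with 7/256, which means the output is not uniformly distributed even though the bytes come from a CSPRNG, and the changelog's "cryptographically secure" wording overstates it slightly. Assuming `crypto` here is Node's built-in module, `crypto.randomInt(characters.length)` yields an unbiased index; the loop body becomes `result.push(characters[crypto.randomInt(characters.length)]);` and the added `const bytes = crypto.randomBytes(length);` line can be dropped. If you prefer to keep `randomBytes`, reject any byte of 252 or above (the largest multiple of 36 that fits in a byte) before taking the remainder, drawing a fresh byte instead. An explicit return type, `private getRandomString(length: number): string`, would also document the contract. The enclosing `UserService` class starts and ends outside the hunk.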