Firebase: 19 million credentials exposed due to a simple error
A large-scale misconfiguration puts the personal information of millions of users at risk
A breach in Firebase exposed 19 million passwords and 125 million sensitive data records. An analysis of over 5 million domains found 916 vulnerable platforms with 223 million records at risk. Only 1% of the companies contacted responded. The findings highlight the urgency of improving security measures.
A serious error in the configurations of Firebase, a service offered by Google for managing databases, cloud computing and app development, led to the exposure of 19 million passwords without any protection. This security flaw was discovered by a trio of cybersecurity specialists known in the digital world as Logykk, xyzeva/Eva and MrBruh. The latter conducted in-depth investigations, uncovering the exposure of 125 million sensitive data records, including emails, names, contact numbers and financial details of users.
Large-scale reconnaissance reveals poor security measures
An analysis of more than 5 million web domains revealed that 916 platforms, belonging to various business sectors, had serious gaps in their security precautions or lacked them entirely. The investigation, which took approximately 1 month, identified 223 million records at risk, a substantial portion of which traced back to the personal information of approximately 124.6 million individuals. This estimate, considered conservative by the researchers, emphasizes the potential magnitude of the risk faced by users.
Unsuccessful outreach and a notable case study
The team of researchers took the initiative to inform affected companies, sending 842 emails over the course of 13 days. However, only 1% responded. A notable case that emerged during the analysis was that of a well-known gambling network in Indonesia, which was found to be the largest source of vulnerable banking information, with 8 million banking records and 10 million passwords compromised.
Consequences and a call to improve security measures
The investigation conducted by Logykk, xyzeva/Eva and MrBruh highlights the imperative need to maintain secure configurations in cloud platforms. Developers and organizations are strongly encouraged to adhere to strong security standards to prevent future data exposures and ensure user privacy is protected. This episode serves as a wake-up call for the IT industry, prompting an immediate review of security policies.
03/20/2024 20:22
Marco Verro