
Firebase: 19 million credentials exposed due to a simple error

A large-scale misconfiguration puts the personal information of millions of users at risk

A Firebase misconfiguration exposed 19 million passwords and 125 million pieces of sensitive data. An analysis of over 5 million domains found 916 vulnerable platforms with 223 million records at risk. Only 1% of the companies contacted responded. The findings highlight the urgency of improving security measures.


A serious error in the configuration of Firebase, a service offered by Google for managing databases, cloud computing and app development, led to the exposure of 19 million passwords without any protection. This incredible security flaw was discovered by a trio of cybersecurity specialists known in the digital world as Logykk, xyzeva/Eva and MrBruh. The latter conducted in-depth investigations, uncovering the exposure of 125 million pieces of sensitive data, including emails, names, contact numbers and financial details of users.

Large-scale reconnaissance reveals poor security measures

An analysis of more than 5 million web domains revealed that 916 platforms, belonging to various business sectors, had serious gaps in security precautions or lacked them entirely. The investigation, which took approximately one month, identified 223 million exposed records, a substantial portion of which can be traced back to the personal information of approximately 124.6 million individuals. This estimate, which the researchers consider conservative, underlines the potential magnitude of the risk faced by users.

Unsuccessful disclosure and a notable case study

The team of researchers took the initiative to inform affected companies, sending 842 emails over the course of 13 days. However, only 1% responded. A notable case that emerged during the analysis was that of a well-known gambling network in Indonesia, which was found to be the largest source of vulnerable banking information, with 8 million banking records and 10 million passwords compromised.

Consequences and invitation to improve security measures

The investigation conducted by Logykk, xyzeva/Eva and MrBruh highlights the imperative need to maintain secure configurations in cloud platforms. Developers and organizations are strongly encouraged to adhere to strong security standards to prevent future data exposures and ensure user privacy is protected. This episode serves as a wake-up call for the IT industry, prompting an immediate review of security policies.


03/20/2024 20:22

Marco Verro
