
Firebase: 19 million credentials exposed due to a simple error

A large-scale misconfiguration puts the personal information of millions of users at risk

A misconfiguration in Firebase exposed 19 million passwords and 125 million sensitive records. An analysis of over 5 million domains found 916 vulnerable platforms with 223 million records at risk. Only 1% of the companies contacted responded. The findings highlight the urgency of improving security measures.


A serious error in the configuration of Firebase, a service offered by Google for managing databases, cloud computing and app development, led to the exposure of 19 million passwords without any protection. This security flaw was discovered by a trio of cybersecurity specialists known in the digital world as Logykk, xyzeva/Eva and MrBruh. The latter conducted in-depth investigations, tracing the evident exposure of 125 million sensitive records, including emails, names, contact numbers and financial details of users.

Large-scale reconnaissance reveals poor security measures

An analysis of more than 5 million web domains revealed that 916 platforms, belonging to various business sectors, had serious gaps in their security precautions or lacked them altogether. The investigation, which took approximately 1 month, identified 223 million unprotected records, a substantial portion of which contained the personal information of approximately 124.6 million individuals. This estimate, considered conservative by the researchers, emphasizes the potential magnitude of the risk faced by users.

Unsuccessful communication and a notable case study

The team of researchers took the initiative to inform affected companies, sending 842 emails over the course of 13 days. However, only 1% responded. A notable case that emerged during the analysis was that of a well-known gambling network in Indonesia, which was found to be the largest source of vulnerable banking information, with 8 million banking records and 10 million passwords compromised.

Consequences and invitation to improve security measures

The investigation conducted by Logykk, xyzeva/Eva and MrBruh highlights the imperative need to maintain secure configurations in cloud platforms. Developers and organizations are strongly encouraged to adhere to strong security standards to prevent future data exposures and ensure user privacy is protected. This episode serves as a wake-up call for the IT industry, prompting an immediate review of security policies.


03/20/2024 20:22

Marco Verro
