
Hundreds of Google Firebase websites suspected of exposing information online

Google Firebase is a backend service that provides cloud data storage and development tools for websites and apps

Security researchers have discovered that over 900 websites using Google’s cloud database service, Firebase, have been leaking sensitive user information.

The AI hiring service “chattr” was found to have poorly implemented Firebase, allowing the researchers to create a new admin account and access sensitive data.

This discovery led them to scan the internet for similar misconfigured databases, using a custom-built tool. Their search revealed more than 900 websites that were leaking approximately 125 million sensitive data records.

According to the researchers, a massive data breach occurred, revealing 85 million names, 106 million email addresses, 34 million phone numbers, 20 million passwords, and 27 million billing details. Shockingly, all of this sensitive information was easily accessible in plaintext.

The researchers also believe that the actual scale of the breach may be much larger than their findings suggest, as there is a high possibility that they didn’t uncover all of the misconfigured sites. After discovering the breach, they contacted 842 websites, and 85% of them received a warning. However, around 9% of emails bounced.

Misconfigured databases are a major cause of data leaks today, mainly due to human error. Google Firebase is a backend service that provides cloud data storage and development tools for websites and apps.

As per 6sense, Firebase has over 47,000 customers this year, with the majority (54.25%, or 18,613) being from the United States. Some of the high-profile clients of Firebase include Alibaba, Lyft, Venmo, and The Economist.

Of those who received the notification, 24% responded and resolved the issue, 1% reached out to the researchers, and 0.2% offered a bug bounty.
