Don’t be like these 900+ websites and expose millions of passwords via Firebase

March 18, 2024 at 05:38PM

Over 900 websites using Google’s Firebase have been misconfigured, exposing sensitive data including 125 million user records. The issue stems from insecure Firebase implementations and lack of secure configuration. Researchers found 85 million names, 106 million email addresses, and 20 million passwords exposed. Despite notifications, only 24% of site owners addressed the misconfiguration.

The key takeaways are as follows:

– Over 900 websites built with Google’s Firebase have been misconfigured, resulting in the exposure of sensitive data such as credentials, personal information, and billing details to the public internet.
– Approximately 125 million user records were found to be publicly accessible, including plaintext passwords.
– Security concerns with Firebase’s configuration have been an ongoing issue, with previous incidents involving thousands of Android apps exposing data.
– Penetration testers identified exposed credentials in multiple instances and conducted an internet-wide search, ultimately finding data obtainable from over 900 websites.
– While efforts were made to notify affected websites, only 24 percent of site owners fixed the misconfiguration.

Overall, the misconfiguration of Firebase databases has led to significant data exposure, highlighting the need for improved security practices and greater awareness of configuration best practices among site owners.
