20k+ android users data exposed as a result of misconfigured Google Firebase

Around 24000 android users get impacted by the misconfiguration of Google Firebase.

Firebase is a tool used by around 30% of the applications present in  the Google play store. Various functions provided by firebase are cloud storage, A/B testing, analytics, and even predictive capabilities.

The misconfiguration reported allows an attacker to add “.json to the end of a Firebase URL” and hence view all the content within the database with the help of simple search engine search results. The chart below shows the categories of affected applications.

 

 

 

 

 

 

 

 

 

The personal data leaked includes email address, username, password, full name, phone number, GPS data, IP address, chat messages, street addresses, and credit card numbers.

Google has announced that it is in contact with the various developers in order to fix the issue. Developers should start maintaining a smarter and strict security parameter to prevent such things from occurring.

Use NPAV and join us on a mission to secure the cyber world.