User Data Leaked by Apps Thanks to Misconfigured Google Firebase Backends
Data privacy is a very sensitive matter, especially in today'southward world. While companies' vouch to protect 1'southward data, often they are but fake assurances. And if the latest reports are to be believed, personal information of millions of users has been leaked.
Every bit reported by mobile security firm Appthority, thousands of iOS and Android mobile applications are exposing over 113 GBs of data via over two,271 misconfigured Firebase databases. For those of y'all unaware, Firebase is a Backend-as-a-Service offering from Google which provides multiple APIs that developers can easily plug into their apps benefit from Google'due south large-calibration and high-functioning cloud infrastructure to manage the app.
The security business firm scanned over 2.7 million mobile apps that used Firebase systems to store user data, analyzing the app's communications pattern for requests made to Firebase domains. Researchers said they identified 28,502 mobile apps (27,227 Android and 1,275 iOS) that continued and stored data within Firebase backends. Of these, 3,046 apps (2,446 Android and 600 iOS) saved data within ii,271 misconfigured Firebase databases that allowed anyone to view their content.
The types of data that were leaked are:
- 2.6 million plaintext passwords and user IDs
- 4 one thousand thousand+ PHI (Protected Wellness Information) records (chat messages and prescription details)
- 25 meg GPS location records
- 50 thousand financial records including banking, payment and Bitcoin transactions
- 4.5 1000000+ Facebook, LinkedIn, Firebase, and corporate data shop user tokens
Co-ordinate to Appthority, these apps have been downloaded more than 620 million times on the Google Play Store, and share similar figures on iOS' App Shop. They've further stated that they've notified Google before publishing the report, providing the list of affected applications forth with the links to the publicly viewable databases.
Responding to Android Authority, Google has stated that Firebase databases are secure by default when they are created and the vulnerable cases are instances where developers haven't followed best practices in one class or another. The company had even sent emails to all insecure projects with complete directions on how to turn database security dorsum on in December 2017. As such, the problems are, according to Google, attributable to programmer errors.
Source: https://beebom.com/user-data-leaked-by-apps-thanks-to-misconfigured-firebase-backends/
Posted by: hendersonmadis1976.blogspot.com
0 Response to "User Data Leaked by Apps Thanks to Misconfigured Google Firebase Backends"
Post a Comment