TechRadar Posted March 19 Share Posted March 19 Another day, another misconfigured database leaking sensitive user information to the internet. This time around, security researchers stumbled upon a big one - more than 900 websites using Google’s cloud database service, Firebase.As reported by The Register, researchers with aliases mrbruh, xyzeva, and logykk, recently found that the AI hiring service “chattr” poorly implemented Firebase, and as a result, they were able to create a new admin account and access sensitive data stored there.This inspired them to scan the internet for similar instances, using a custom-built tool. They found “more than 900” websites leaking roughly 125 million sensitive data records. More sites lurking in the dark These records included 85 million names, 106 million email addresses, 34 million phone numbers, 20 million passwords, and 27 million billing details. More than enough for years of wire fraud, identity theft attacks, and more. All of the data was obtainable in plaintext.The researchers added that while the findings might sound disastrous, the reality is probably even worse, as there is a good chance they did not find all of the misconfigured sites. In the weeks following their discovery, they managed to reach out to 842 websites, of which 85% apparently received the warning. Nine percent of emails bounced. Of those that got the notification, 24% reacted and fixed the issue, one percent reached back to the researchers, and 0.2% offered a bug bounty. Firebase is a backend service that offers cloud data storage and development tools for websites and apps. According to 6sense, Firebase has more than 47,000 customers this year, with the vast majority - 54.25% (18,613) - being from the United States. Some of its high-profile clients include Alibaba, Lyft, Venmo, and The Economist.Misconfigured databases are one of the biggest causes of data leaks these days, as they mostly happen due to human oversight. More from TechRadar Pro BMW security error left valuable private company data exposed onlineHere's a list of the best firewalls around todayThese are the best endpoint security tools right now View the full article Quote Link to comment Share on other sites More sharing options...
.png.6dd3056f38e93712a18d153891e8e0fc.png.1dbd1e5f05de09e66333e631e3342b83.png.933f4dc78ef5a5d2971934bd41ead8a1.png)
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.