Thousands of Mobile Apps Expose Their Unprotected Firebase Hosted Databases
Researchers from mobile security firm Appthority have discovered unprotected Firebase databases of thousands of iOS and Android mobile applications that are exposing over 100 million data records, including plain text passwords, user IDs, location, and in some cases, financial records such as banking and cryptocurrency transactions.
The Firebase vulnerability has already impacted numerous organizations across various industries globally. According to Appthority researchers, over 22,000 Android apps and over 1,200 iOS apps are connected to Firebase. Additionally, around 47% of the connected iOS apps and 9% of the Android apps are vulnerable.
More than 100 million records are exposed, including:
- 2.6 million plain text passwords and user IDs
- 4 million+ PHI (Protected Health Information) records (chat messages and prescription details)
- 25 million GPS location records
- 50 thousand financial records including banking, payment and Bitcoin transactions
- 4.5 million+ Facebook, LinkedIn, Firebase, and corporate data store user tokens

Duncan is a technology professional with over 20 years' experience working in various IT roles. He has an interest in cyber security and a wide range of other skills in radio, electronics and telecommunications.