Researchers have seen that unprotected Firebase databases of thousands of iOS and Android apps are exposing over 100 million data records. The vulnerability exists due to developers failing to properly secure their back-end Firebase endpoints. The exposed data includes user IDs, location, financial records, and plaintext passwords. Affected types of applications include telecommunication, finance, postal services, educational institutions, hotels, and more. Firebase offers app developers an API server to access their databases hosted with the service. According to researchers, attackers can gain access to unprotected data by just adding “/.json” with a blank database name at the end of the hostname.” Reseachers scanned more than 2.7 million apps and saw that over 2,446 Android along with 600 iOS apps were leaking 2,300 databases. The databases contain over 100 million records. It was seen that there were more than 620 million downloads for the vulnerable Android apps. Researchers have informed Google along with a list of developers.
