Check Point researchers discovered that 2,113 mobile apps leveraging the cloud-hosted Firebase database had exposed and unprotected data, including gaming app chats, family photos, health care app tokens, and cryptocurrency exchange information, according to TechRepublic.
The report showed an e-commerce app exposing its API keys and gateway credentials, as well as a dating app exposing over 50,000 private messages. Moreover, 130,000 users of a logo and graphics design app had their usernames, passwords, and email addresses exposed, while 280,00 phone numbers had been exposed by a small and mid-size business accounting app.
“The thousands of databases that expose sensitive data are the cloud databases that are used by mobile applications themselves. So, having a specific application, from VirusTotal, or Google Play Store, or any third-party store, any unskilled person can check if it uses Firebase cloud database and easily access all the data if the database was not properly secured,” said Check Point Security Researcher Alexandra Gofman.
Ahead of its imminent approval, the Biden administration's proposed executive order requiring U.S. cloud infrastructure-as-a-service providers to strengthen the verification of their users' identities has drawn industry opposition over the increased financial and logistical burdens that would arise from such a rule, according to The Record, a news site by cybersecurity firm Recorded Future.
U.S. independent record label Empire Distribution, which has worked with Kendrick Lamar, Snoop Dogg, and 50 Cent, had its sensitive data exposed as a result of an environment file misconfiguration, Cybernews reports.