Check Point researchers discovered that 2,113 mobile apps leveraging the cloud-hosted Firebase database had exposed and unprotected data, including gaming app chats, family photos, health care app tokens, and cryptocurrency exchange information, according to TechRepublic
The report showed an e-commerce app exposing its API keys and gateway credentials, as well as a dating app compromising over 50,000 private messages. Moreover, 130,000 users of a logo and graphics design app had their usernames, passwords, and email addresses exposed, while 280,00 phone numbers had been exposed by a small and mid-size business accounting app.
“The thousands of databases that expose sensitive data are the cloud databases that are used by mobile applications themselves. So, having a specific application, from VirusTotal, or Google Play Store, or any third-party store, any unskilled person can check if it uses Firebase cloud database and easily access all the data if the database was not properly secured,“ said Check Point Security Researcher Alexandra Gofman.