Cloud Security, Security Architecture

Cloud data exposed in thousands of mobile apps

Check Point researchers discovered that 2,113 mobile apps leveraging the cloud-hosted Firebase database had exposed and unprotected data, including gaming app chats, family photos, health care app tokens, and cryptocurrency exchange information, according to TechRepublic. The report showed an e-commerce app exposing its API keys and gateway credentials, as well as a dating app compromising over 50,000 private messages. Moreover, 130,000 users of a logo and graphics design app had their usernames, passwords, and email addresses exposed, while 280,00 phone numbers had been exposed by a small and mid-size business accounting app. “The thousands of databases that expose sensitive data are the cloud databases that are used by mobile applications themselves. So, having a specific application, from VirusTotal, or Google Play Store, or any third-party store, any unskilled person can check if it uses Firebase cloud database and easily access all the data if the database was not properly secured,“ said Check Point Security Researcher Alexandra Gofman.

Related

LockBit-leaked DC city agency data from third party

Washington, D.C.'s Department of Insurance, Securities and Banking has disclosed that 800GB of data claimed to have been stolen by the LockBit ransomware operation was obtained from an attack against third-party software provider Tyler Technologies following the ransomware gang's threats to expose 1GB of the exfiltrated data to coerce the agency into providing the demanded ransom, reports The Record, a news site by cybersecurity firm Recorded Future.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.