Breaking news: the cloud is (really) not secure
Three cybersecurity researchers (Logykk, xyzeva/Eva, and MrBruh) recently uncovered a significant security breach involving close to 19 million plaintext passwords exposed on the public internet due to misconfigured instances of Firebase, a Google platform used for hosting databases, cloud computing, and app development. Their investigation, which involved scanning over five million domains, revealed 916 websites from organizations lacking proper security rules or having them set up incorrectly.
This lapse in security led to the exposure of over 125 million sensitive user records, including emails, names, passwords, phone numbers, and billing information with bank details.The researchers—Logykk, xyzeva/Eva, and MrBruh—focused on identifying personally identifiable information (PII) exposed through vulnerable Firebase instances on the public web. Eva highlighted that many of the identified sites had no security rules or were improperly configured, allowing unauthorized read access to databases.
Additionally, a concerning number of these instances also had write access enabled. Eva’s script, Catalyst, was instrumental in assessing the data available in each exposed database and extracting a sample of 100 records for analysis. The collected information was then organized in a private database to provide an overview of the staggering amount of sensitive user data companies inadvertently expose due to inadequate security measures.
The compiled data revealed alarming statistics:
- 84,221,169 names;
- 106,266,766 emails;
- 33,559,863 phone numbers;
- 20,185,831 plaintext passwords (98% of all passwords exposed); and
- 27,487,924 pieces of billing information including bank details and invoices.
This breach underscores the critical importance of implementing robust security protocols to safeguard sensitive user information and prevent such widespread data exposure incidents in the future.
