Researchers have discovered unprotected firebase databases which has put thousands of iOS and Android apps at risk exposing over an estimated 100 million sensitive data records such as text passwords, locations and in worst cases financial records like banking transactions.
Google’s Firebase service is a backend development platform offering developers a cloud based database which stores data synced with real time with all the connected clients.
It has come to notice that many app developers have failed to secure their Firebase endpoints with firewalls, which has left sensitive data of their customers publicly accessible to anyone.
Researchers ran tests on about 2.7 million apps scanned and were surprised to see that about 3000 apps were affected, which caused a leak of over 113 GBs of data. The apps were found on both major platforms, iOS and Android.
The affected applications belong to multiple categories from financial to fitness apps and more.
Researchers provided a brief analysis of the data they obtained from these applications.
- About 2.6 million login details in plaintext
- Location records via GPS totalled to about 25 million
- About 4 million PHI (Protected Health Information) records that include text messages and prescription record
- About 50,000 financial records including payment history and also cryptocurrency details
- About 4.5 million social media account tokens.
This is a major hack with one of the main causes behind it being owed to Google’s policy where it does not secure data by default and suggests developers to implement precautions at their own end.
The information has apparently been sent to Google, which is yet to respond. Since such a large number of files are said to be infected, will Google and Apple have to implement policy alterations?.