The Record -
After years and years of warnings not to leave crucial databases exposed online without authentication, it appears that many Firebase administrators have failed to understand the dangers of these practices, and sensitive user data can still be easily found online with a few basic scripts or search queries.
In a research project conducted in July 2021 and published this week on Wednesday, cybersecurity firm Avast said it found nearly 19,300 Firebase databases from a grand total of 180,300 that were left exposed online without authentication.
“10.7% of the tested DBs were open, exposing the data to unauthenticated users, due to misconfiguration by the app developers,” said Avast security researcher Vladimir Martyanov.
“This is quite a large percentage.”
Vladimir Martyanov, Avast security researcher
Developed in 2012 as a real-time database specifically built to be used as the backend of modern websites and mobile apps, Firebase is one of today’s most popular database engines.
Acquired by Google
The post More than 10% of Firebase databases are open and exposing data was first published at The Record.