Misconfigured Firebase instances exposed 125 million user records


Hundreds of websites misconfigured Google Firebase, exposing over 125 million user records, including plaintext passwords, security researchers warn.

It all began with the hacking of Chatter, an AI hiring system used by a variety of organizations in the United States, including fast food chains such as Applebee’s, Chick-fil-A, KFC, Subway, Taco Bell, and Wendy’s, according to three security researchers known as mrbruh, xyzeva, and logy. A flaw in Chattr’s Firebase implementation allowed the researchers to gain complete access to the database by creating a new user.

They gained access to names, phone numbers, email addresses, some accounts’ plaintext passwords, confidential messages, and other information.

Read More: Misconfigured Firebase Instances Expose 125 Million User Records

For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.