More than 4,000 Android apps that use Google’s cloud-hosted Firebase databases are ‘unknowingly’ leaking sensitive information on their users

Misconfiguration of Google Firebase, a popular mobile application development platform, has exposed databases of over 4000 Android apps. This app misconfiguration has exposed email addresses, usernames, passwords, phone numbers, full names, chat messages and location data. The full contents of the database, spanning across 4,282 apps, included: Email addresses: 7,000,000+ Usernames: 4,400,000+ Passwords: 1,000,000+ Phone numbers: 5,300,000+ Full names: 18,300,000+ Chat messages: 6,800,000+ GPS data: 6,200,000+ IP addresses: 156,000+ Street addresses: 560,000+ With the vulnerable apps in question — mostly spanning games, education, entertainment, and business categories — installed 4.22 billion times by Android users, chances are high that Android users information has been exposed.

Read More

Next Steps:
Google has reached out to app developers to patch the issues., Potentially affected users should be wary of suspicious requests that seek to gain further personal information., Android users should reset their passwords for their app subscriptions and make sure that their potentially compromised password is not used on any other websites.

Breach occured on April 2020