Check Point Research found thousands of Firebase cloud databases that exposed chat messages in gaming apps, personal photos, token IDs in healthcare apps and data from cryptocurrency platforms.
One app discovered was from a large Dept Store in South America application (10+ Million Downloads) that had mistakenly exposed its API gateway credentials and API keys. CPR was able to access this data without facing any kind of protective mechanism. Other similar apps had their data exposed for all to see:
- Bookkeeping Application (1+ Million Downloads)
- Dating Application (10,000+ Downloads)
- Social Audio platform application (5+ Million Downloads)
- Running Tracker Application (100,000+ Downloads)
- Logo Design Application (10+ Million Downloads)
- PDF reader Application (500,000+ Downloads)