Lara Croft 835

maestro64 said:

HeliBum said:

Yep, leaking private information and Google are synonymous.

Anybody know where to find the list of affected apps?

It would be nice to know which apps have this issue.

Report is pay to view but

Enterprises are at significant risk from the Firebase vulnerability because 62% of enterprises have at least one vulnerable app in their mobile environment. The vulnerable apps are in multiple categories, including tools, productivity, health and fitness, communication, finance and business apps.

Worse, the data being leaked is highly sensitive including PII, PHI, plaintext passwords, social media account and cryptocurrency exchange private access tokens, financial transactions, vehicle license plate and geolocation information, and more. 

Our Mobile Threat Team discovered over 2,300 unsecured Firebase databases and 3,000 unique iOS and Android apps with this vulnerability. The Android versions of these apps alone have been downloaded over 620 million times. 

More than 100 million records are exposed, including: 

• 2.6 million plain text passwords and user IDs
• 4 million+ PHI (Protected Health Information) records (chat messages and prescription details)
• 25 million GPS location records
• 50 thousand financial records including banking, payment and Bitcoin transactions
• 4.5 million+ Facebook, LinkedIn, Firebase, and corporate data store user tokens