Misconfigured Firebase instances leaked 19 million plaintext passwords

Good find, thank you for sharing.
Love the reaction to finding out about it... you can't make this shit up. :meh:

lulz.png
 
Zarathustra[H] said:
Yeah, but what is it really? Those descriptions are so vague and jargon filled to be meaningless.
Click to expand...
It is Googles cross platform SDK.

Firebase provides detailed documentation and cross-platform app development SDKs, to help you build and ship apps for iOS, Android, the web, Flutter, Unity, and C++.
It also serves as the platform that hosts the backend and database hosting services.
https://firebase.google.com/docs/web/setup
 
Zarathustra[H] said:
Yeah, but what is it really? Those descriptions are so vague and jargon filled to be meaningless.
Click to expand...

It's basically a cloud database. It's nice for hobbiests because you can use it for free and you don't need a server or anything really.

I used it for a few things on my website. Sharing builds for Smite, a chat bot, and a thing that let's you watch youtube videos together. I never stored any plain text passwords with it, or any passwords at all, because I'm not a dumbass.
 
Zarathustra[H] said:
Yeah, but what is it really? Those descriptions are so vague and jargon filled to be meaningless.
Click to expand...

A collection of services and tooling for app development.

Database, authentication, functions as a service, message queues, storage, CDN, etc. It leans into the serverless mentality.

sharknice said:
It's basically a cloud database. It's nice for hobbiests because you can use it for free and you don't need a server or anything really.

I used it for a few things on my website. Sharing builds for Smite, a chat bot, and a thing that let's you watch youtube videos together. I never stored any plain text passwords with it, or any passwords at all, because I'm not a dumbass.
Click to expand...

I don't know why anyone even would - it literally has an authentication service that handles this for you? Wild.
 
sharknice said:
It's basically a cloud database. It's nice for hobbiests because you can use it for free and you don't need a server or anything really.

I used it for a few things on my website. Sharing builds for Smite, a chat bot, and a thing that let's you watch youtube videos together. I never stored any plain text passwords with it, or any passwords at all, because I'm not a dumbass.
Click to expand...

socK said:
A collection of services and tooling for app development.

Database, authentication, functions as a service, message queues, storage, CDN, etc. It leans into the serverless mentality.



I don't know why anyone even would - it literally has an authentication service that handles this for you? Wild.
Click to expand...
Because if you google How to create a user database in Firebase, every tutorial I have seen so far has you do just that.
 
The typical, developers deploying apps and infra they do not understand the basics about when it comes to security. So they just deploy and "it works great I am done!" and on they go about their day.
 
You must log in or register to reply here.
Back
Top