Misconfigured Firebase instances are leaking passwords, a China-related threat actor is hacking governments and more.
Welcome to Cyber Security Today. It’s Wednesday, March 20th. 2024. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
Misconfigured web services on 900 sites that use Google’s Firebase web application development platform are leaking valuable data including plaintext passwords. That’s according to three anonymous programmers. All I can tell you is one of them says they live in New Zealand. In a posting the trio said their work follows up on the discovery in January that an artificial intelligence hiring system used by many large companies called Chattr.ai had a Firebase vulnerability. Scanning the internet for misconfigured Firebase installations they found 900 vulnerable websites that allowed them to download 84 million usernames, 106 million email addresses, 20 million passwords — some of which were in plaintext — and more. Vulnerable firms include a learning management website for teachers and students, which exposed records of 27 million users. The researchers sent warning…
