"900 Sites, 125 million accounts, 1 vulnerability"

"""

TLDR:

- Firebase allows for easy misconfiguration of security rules with zero warnings

- This has resulted in hundreds of sites exposing a total of ~125 Million user records, including plaintext passwords & sensitive billing information

"""

https://env.fail/posts/firewreck-1/

#security #webdev #firebase #infosec