The data of 125 million Internet users was exposed by 900 websites

An avalanche of sensitive data has been exposed on the Internet. An investigation by three experts shows that more than 900 websites exposed the information of 125 million people, including nearly 20 million passwords, as a result of a misconfiguration.

A trio of security researchers has discovered a huge data leak, our colleagues at Bleeping Computer report. According to the three experts, more than 900 websites inadvertently exposed data belonging to 125 million users.

The cause of this large-scale breach is poorly configured Firebase instances. Developed by Google, the Firebase platform allows websites to host data, set up an authentication service, deploy cloud functions or take advantage of Google Analytics for Firebase.

19 million passwords exposed

Unfortunately, it turns out that the administrators of 916 websites were careless when configuring their data instances. According to the researchers, who detail their findings in several blog posts, these instances had no security rules at all. Poorly configured, they allowed read-only access to the websites' databases. In plain terms, anyone could consult Internet users’ data.
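As an added illustration, not taken from the researchers' posts or from Google, here is how an administrator could check a rules file for the kind of open read access described above. It assumes the Realtime Database rules format in strict JSON (the article does not say which Firebase product was involved); the sample rules and function names are constructed for this example.

```python
import json

# Constructed sample rules file (Realtime Database JSON format, strict JSON assumed).
SAMPLE_RULES = """
{"rules": {
  "users": {
    ".read": true,
    "$uid": {".read": "auth != null && auth.uid === $uid"}
  },
  "billing": {
    "$uid": {".read": "auth != null && auth.uid === $uid"}
  },
  "posts": {".read": "true"}
}}
"""

def is_open(expr):
    """True when a rule expression grants access unconditionally."""
    if isinstance(expr, bool):
        return expr
    return isinstance(expr, str) and expr.strip() == "true"

def find_public_reads(node, path="/", inherited=None):
    """Walk the rules tree; return (path, reason) for every exposed location."""
    findings = []
    opened_here = is_open(node.get(".read"))
    if opened_here and inherited is None:
        findings.append((path, "public read granted here"))
    # Read grants cascade downward: a child rule cannot revoke a parent's grant.
    source = inherited or (path if opened_here else None)
    for key, child in node.items():
        if key.startswith(".") or not isinstance(child, dict):
            continue  # skip .read/.write/.validate entries themselves
        child_path = path.rstrip("/") + "/" + key
        if source and ".read" in child and not is_open(child[".read"]):
            findings.append((child_path, "stricter .read has no effect; "
                             "read already granted at " + source))
        findings.extend(find_public_reads(child, child_path, source))
    return findings

def audit(rules_text):
    """Parse a rules file and list the paths readable without authentication."""
    return find_public_reads(json.loads(rules_text).get("rules", {}))

if __name__ == "__main__":
    for path, reason in audit(SAMPLE_RULES):
        print(path, "->", reason)
```

On the sample, the per-user rule under `users` looks safe but is flagged, because the unconditional read granted one level above it already exposes every record.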

By analyzing more than five million domains, the experts found that the data of more than 125 million people could be accessed. Among the data exposed are email addresses, names, passwords, phone numbers and billing information, banking details included. Specifically, the researchers identified almost 19 million passwords in plain text and 33 million phone numbers.

This is sensitive information. Exploited by cybercriminals, this data can be used to orchestrate phishing attacks, commit bank fraud or take control of any online account. If the user has reused the disclosed password, the attacker can gain access to all of that user's accounts, whether a simple Facebook profile or a bank account. The damage caused can be significant.

The researchers discovered the problem while examining a Firebase instance used by Chattr, an AI-powered hiring and recruiting software for small businesses. After carrying out a major investigation, they promptly alerted the administrators concerned. Unfortunately, only a quarter of the administrators have corrected the situation so far by reconfiguring their Firebase instance, even though the researchers’ warning dates back to January.

Source: Bleeping Computer
