Date: 2024-03-20



A recent post by three security researchers who go by the online handles “mrbruh,” “xyzeva,” and “logykk” suggests that more than 900 misconfigured Google Firebase websites may have exposed approximately 125 million user records.

Security researcher mrbruh gained access to popular retail food websites including Applebee's, Chick-fil-A, KFC, Subway, and Taco Bell by hacking Chattr.ai, an AI-based recruitment system. The incident was first reported on January 10th.

The Retail and Hospitality ISAC reported on the incident on January 11, the day after mrbruh's initial post, stating that an attacker used Chattr.ai's registration functionality to exploit a vulnerability or misconfiguration that allowed the creation of a new user profile with full read/write permissions in the Google Firebase backend database. Retail and hospitality businesses were advised to contact Chattr.ai.

After initial news coverage of the Chattr.ai incident, the trio of researchers set out to scan the internet for PII leaked through misconfigured Firebase instances, uncovering sensitive bank details, billing information, and invoices. The leaked data also included names, phone numbers, email addresses, and passwords.
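The weakness described above, a self-registered account ending up with read/write access to an entire Firebase backend, usually comes down to the database's security rules. The following added example (written for this article, not code from the researchers, Chattr.ai or Google) lints a Firebase Realtime Database rules document that you control and reports every path where `.read` or `.write` is granted to the whole internet (literal `true`) or to any signed-in account (`auth != null` with no `auth.uid` or custom-claim check). The sample rules document, the verdict labels and the string-matching heuristic in `classify` are assumptions made for the example; Realtime Database rules themselves cascade downward and cannot be revoked by a child path, which is why a grant is reported once, at the level where it first widens access.

```python
"""Lint a Firebase Realtime Database rules document for over-broad access.

Added example for this article; not from Chattr.ai, Google or the researchers.
"""
import json
from typing import Any, Dict, List, Tuple

# Constructed sample rules document (assumed layout of a typical RTDB rules file).
SAMPLE_RULES = json.dumps({
    "rules": {
        # Wide open: no sign-in needed to read or write applicant records.
        "applicants": {".read": True, ".write": True},
        # Any account, including a freshly self-registered one, can read/write.
        "messages": {".read": "auth != null", ".write": "auth != null"},
        # Scoped: each user may only touch their own subtree.
        "users": {
            "$uid": {
                ".read": "auth != null && auth.uid == $uid",
                ".write": "auth != null && auth.uid == $uid",
            }
        },
        # Reads need an admin custom claim, but a child path opens writes to all.
        "admin": {
            ".read": "auth.token.admin == true",
            "audit": {".write": True},
        },
    }
})

PUBLIC = "PUBLIC"           # anyone on the internet, no sign-in required
ANY_USER = "ANY_AUTH_USER"  # any account, including self-registered ones
SCOPED = "SCOPED"           # tied to a uid or a custom claim
RANK = {PUBLIC: 2, ANY_USER: 1}  # wider grants rank higher


def classify(rule: Any) -> str:
    """Heuristic classification of one .read/.write expression (assumption)."""
    if rule is True or (isinstance(rule, str) and rule.strip() == "true"):
        return PUBLIC
    if rule is False or (isinstance(rule, str) and rule.strip() == "false"):
        return "DENIED"
    text = str(rule)
    if "auth.uid" in text or "auth.token" in text:
        return SCOPED
    if "auth != null" in text or "auth !== null" in text:
        return ANY_USER
    return "UNKNOWN"  # data-dependent or unusual rule; review by hand


def lint(rules_json: str) -> List[Tuple[str, str, str]]:
    """Return (path, op, verdict) for every grant that widens access.

    Permissions cascade downward, so a child is only reported when it grants
    something broader than what an ancestor already granted for that op.
    """
    doc = json.loads(rules_json)
    findings: List[Tuple[str, str, str]] = []

    def walk(node: Dict[str, Any], path: str, inherited: Dict[str, str]) -> None:
        effective = dict(inherited)
        for op in (".read", ".write"):
            if op not in node:
                continue
            verdict = classify(node[op])
            if RANK.get(verdict, 0) > RANK.get(effective.get(op, ""), 0):
                findings.append((path or "/", op, verdict))
                effective[op] = verdict
        for key, child in node.items():
            if isinstance(child, dict):
                walk(child, f"{path}/{key}", effective)

    walk(doc.get("rules", {}), "", {})
    return findings


if __name__ == "__main__":
    for path, op, verdict in lint(SAMPLE_RULES):
        print(f"{verdict:14} {op:7} {path}")
```

Run against your own exported rules file instead of `SAMPLE_RULES`; anything reported as `ANY_AUTH_USER` on data that a self-registered account should never see is the same class of exposure the article describes, and the fix is to scope the rule to `auth.uid` or to a custom claim set server-side rather than relying on sign-in alone.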

Attempts to reach Chattr.ai and Google for comment were unsuccessful at the time of publication.

The industry is not immune to misconfigurations.

“Most successful attacks against cloud infrastructure these days are due to misconfigurations,” said Patrick Tiquet, vice president of security and architecture at Keeper Security. “Google Firebase is continually upgrading and evolving its security recommendations, but as was the case with Chattr's implementation of Firebase, these components are not always properly implemented or monitored,” Tiquet said.

Administrators should always use secure vault and secret management solutions and ensure that necessary patches and updates are applied immediately, Tiquet said. They should also check their cloud console's security controls to ensure they follow the latest recommendations.

Jason Soroko, Sectigo's senior vice president of products, said this was a great lesson for both users of cloud systems and cloud architects themselves.

In some ways, the recent Google Firebase issues could be made worse because administrative capabilities are granted to malicious actors, which could lead to deeper-level compromises, Soroko said. “Let's see if we can get a set of tools to help us better evaluate our configuration.”

