Check Point claimed it uncovered thousands of mobile apps that exposed data in a new report released on Tuesday.
Check Point discovered 2,113 apps that used the cloud-hosted Firebase database, all of which had backend data that was unencrypted and vulnerable to hackers. Chat conversations in gaming apps, personal files such as family photos, token IDs for healthcare apps, and data from cryptocurrency exchange sites were among the data exposed.
More than 50,000 private communications from clients were revealed by a dating app. 130,000 users' usernames, passwords, and email addresses were exposed via an app used to generate logos and images. Users' bank credentials, phone numbers, and chat messages were revealed by an app for a social audio platform.
Approximately 280,000 phone numbers were discovered in an accounting tool for small businesses, along with at least 80,000 firm names and locations. A PDF reader software also exposed secret keys that might be used to access the company's VPN network by a hacker.
"Cloud misconfigurations are the result of a lack of knowledge, right policies, and security training," according to Check Point's analysis. "With the new work from the home hybrid paradigm, this is even more heightened and needed." "Bad security procedures can cause a lot of damage, but it's only a few clicks away from being fixed." Check Point emphasized.
Furthermore, Check Point advises developers who use cloud-based services to follow the provided rule for "Ensure S3 buckets are not publicly accessible" to conform to AWS CloudGuard S3 Bucket Security in Amazon Web Services.
If you use the Google Cloud Platform, you can verify that your cloud storage database is not anonymously or publicly accessible by following a rule in Google's knowledge base. Finally, Azure users should make sure that the default network access rule for Storage Accounts is set to deny Rule ID.