Forwarded from BlackBox (Security) Archiv
Over 4000 Android Apps Expose Users' Data via Misconfigured Firebase Databases
More than 4,000 Android apps that use Google's cloud-hosted Firebase databases are 'unknowingly' leaking sensitive information on their users, including their email addresses, usernames, passwords, phone numbers, full names, chat messages and location data.
The investigation, led by Bob Diachenko from Security Discovery in partnership with Comparitech, is the result of an analysis of 15,735 Android apps, which comprise about 18 percent of all apps on Google Play store.
"4.8 percent of mobile apps using Google Firebase to store user data are not properly secured, allowing anyone to access databases containing users' personal information, access tokens, and other data without a password or any other authentication," Comparitech said.
👀 The full contents of the database, spanning across 4,282 apps, included:
‼️ Email addresses: 7,000,000+
‼️ Usernames: 4,400,000+
‼️ Passwords: 1,000,000+
‼️ Phone numbers: 5,300,000+
‼️ Full names: 18,300,000+
‼️ Chat messages: 6,800,000+
‼️ GPS data: 6,200,000+
‼️ IP addresses: 156,000+
‼️ Street addresses: 560,000+
👉🏼 Read more:
https://thehackernews.com/2020/05/android-firebase-database-security.html
#android #app #google #playstore #firebase #database #security #breach #leak
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
More than 4,000 Android apps that use Google's cloud-hosted Firebase databases are 'unknowingly' leaking sensitive information on their users, including their email addresses, usernames, passwords, phone numbers, full names, chat messages and location data.
The investigation, led by Bob Diachenko from Security Discovery in partnership with Comparitech, is the result of an analysis of 15,735 Android apps, which comprise about 18 percent of all apps on Google Play store.
"4.8 percent of mobile apps using Google Firebase to store user data are not properly secured, allowing anyone to access databases containing users' personal information, access tokens, and other data without a password or any other authentication," Comparitech said.
👀 The full contents of the database, spanning across 4,282 apps, included:
‼️ Email addresses: 7,000,000+
‼️ Usernames: 4,400,000+
‼️ Passwords: 1,000,000+
‼️ Phone numbers: 5,300,000+
‼️ Full names: 18,300,000+
‼️ Chat messages: 6,800,000+
‼️ GPS data: 6,200,000+
‼️ IP addresses: 156,000+
‼️ Street addresses: 560,000+
👉🏼 Read more:
https://thehackernews.com/2020/05/android-firebase-database-security.html
#android #app #google #playstore #firebase #database #security #breach #leak
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
Forwarded from BlackBox (Security) Archiv
Millions of Telegram Users’ Data Exposed on Darknet
Telegram’s built-in contact import feature was exploited to leak the personal data of millions of users onto the darknet.
Telegram, a major privacy-focused messaging app, has suffered a data leak that exposed some personal data of its users on the darknet.
A database containing the personal data of millions of Telegram users has been posted on a darknet forum. The issue was first reported by Russian-language tech publication Kod.ru on Tuesday.
According to the report, the database contains phone numbers and unique Telegram user IDs. It remains unclear exactly how many users' data was leaked while the database file is about 900 megabytes.
About 40% of entries in the database should be relevant
Telegram has reportedly acknowledged the existence of the leaked database to Kod.ru. The database was collected through exploiting Telegram’s built-in contacts import feature at registration, Telegram reportedly said.
Telegram noted that the data in the leaked database is mostly outdated. According to the report, 84% of data entries in the database were collected before mid-2019. As such, at least 60% of the database is outdated, Telegram declared in the report.
Additionally, 70% of leaked accounts came from Iran, while the remaining 30% were based in Russia.
https://kod.ru/darknet-sliv-baza-telegram-jun2020/
👉🏼 Read more:
https://cointelegraph.com/news/millions-of-telegram-userss-data-exposed-on-darknet
#tg #telegram #leak #breach #database #exposed #darknet
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
Telegram’s built-in contact import feature was exploited to leak the personal data of millions of users onto the darknet.
Telegram, a major privacy-focused messaging app, has suffered a data leak that exposed some personal data of its users on the darknet.
A database containing the personal data of millions of Telegram users has been posted on a darknet forum. The issue was first reported by Russian-language tech publication Kod.ru on Tuesday.
According to the report, the database contains phone numbers and unique Telegram user IDs. It remains unclear exactly how many users' data was leaked while the database file is about 900 megabytes.
About 40% of entries in the database should be relevant
Telegram has reportedly acknowledged the existence of the leaked database to Kod.ru. The database was collected through exploiting Telegram’s built-in contacts import feature at registration, Telegram reportedly said.
Telegram noted that the data in the leaked database is mostly outdated. According to the report, 84% of data entries in the database were collected before mid-2019. As such, at least 60% of the database is outdated, Telegram declared in the report.
Additionally, 70% of leaked accounts came from Iran, while the remaining 30% were based in Russia.
https://kod.ru/darknet-sliv-baza-telegram-jun2020/
👉🏼 Read more:
https://cointelegraph.com/news/millions-of-telegram-userss-data-exposed-on-darknet
#tg #telegram #leak #breach #database #exposed #darknet
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
Код Дурова
В Даркнете выложили базу с пользователями Telegram
На одном из форумов Даркнета выложили базу с несколькими миллионами пользователей мессенджера. Файл со слитыми данными занимает примерно 900 мегабайт
Forwarded from BlackBox (Security) Archiv
Facebook does not plan to notify half-billion users affected by data leak
(Reuters) - Facebook Inc did not notify the more than 530 million users whose details were obtained through the misuse of a feature before 2019 and recently made public in a database, and does not currently have plans to do so, a company spokesman said on Wednesday.
Business Insider reported last week that phone numbers and other details from user profiles were available in a public database. Facebook said in a blog post on Tuesday that “malicious actors” had obtained the data prior to September 2019 by “scraping” profiles using a vulnerability in the platform’s tool for synching contacts.
The Facebook spokesman said the social media company was not confident it had full visibility on which users would need to be notified. He said it also took into account that users could not fix the issue and that the data was publicly available in deciding not to notify users. Facebook has said it plugged the hole after identifying the problem at the time.
The scraped information did not include financial information, health information or passwords, Facebook said. However, the collated data could provide valuable information for hacks or other abuses.
Facebook, which has long been under scrutiny over how it handles user privacy, in 2019 reached a landmark settlement with the U.S. Federal Trade Commission over its investigation into allegations the company misused user data.
Ireland’s Data Protection Commission, the European Union’s lead regulator for Facebook, said on Tuesday it had contacted the company about the data leak. It said it received “no proactive communication from Facebook” but was now in contact.
The July 2019 FTC settlement requires Facebook to report details about unauthorized access to data on 500 or more users within 30 days of confirming an incident.
The Facebook spokesman declined to comment on the company’s conversations with regulators but said it was in contact to answer their questions.
https://www.reuters.com/article/us-facebook-data-leak/facebook-does-not-plan-to-notify-half-billion-users-affected-by-data-leak-idUSKBN2BU2ZY
#facebook #DeleteFacebook #data #leak #database #thinkabout
📡 @nogoolag 📡 @blackbox_archiv
(Reuters) - Facebook Inc did not notify the more than 530 million users whose details were obtained through the misuse of a feature before 2019 and recently made public in a database, and does not currently have plans to do so, a company spokesman said on Wednesday.
Business Insider reported last week that phone numbers and other details from user profiles were available in a public database. Facebook said in a blog post on Tuesday that “malicious actors” had obtained the data prior to September 2019 by “scraping” profiles using a vulnerability in the platform’s tool for synching contacts.
The Facebook spokesman said the social media company was not confident it had full visibility on which users would need to be notified. He said it also took into account that users could not fix the issue and that the data was publicly available in deciding not to notify users. Facebook has said it plugged the hole after identifying the problem at the time.
The scraped information did not include financial information, health information or passwords, Facebook said. However, the collated data could provide valuable information for hacks or other abuses.
Facebook, which has long been under scrutiny over how it handles user privacy, in 2019 reached a landmark settlement with the U.S. Federal Trade Commission over its investigation into allegations the company misused user data.
Ireland’s Data Protection Commission, the European Union’s lead regulator for Facebook, said on Tuesday it had contacted the company about the data leak. It said it received “no proactive communication from Facebook” but was now in contact.
The July 2019 FTC settlement requires Facebook to report details about unauthorized access to data on 500 or more users within 30 days of confirming an incident.
The Facebook spokesman declined to comment on the company’s conversations with regulators but said it was in contact to answer their questions.
https://www.reuters.com/article/us-facebook-data-leak/facebook-does-not-plan-to-notify-half-billion-users-affected-by-data-leak-idUSKBN2BU2ZY
#facebook #DeleteFacebook #data #leak #database #thinkabout
📡 @nogoolag 📡 @blackbox_archiv
Reuters
Facebook does not plan to notify half-billion users affected by data leak
Facebook Inc did not notify the more than 530 million users whose details were obtained through the misuse of a feature before 2019 and recently made public in a database, and does not currently have plans to do so, a company spokesman said on Wednesday.