A major security breach has been uncovered involving misconfigured Firebase instances, resulting in the exposure of 19 million plaintext passwords. Researchers discovered this vulnerability after scanning over five million domains, finding 916 websites with weak or no security rules. The leak exposed over 125 million sensitive records, including emails, names, passwords, phone numbers, and billing information. Efforts to alert the affected companies resulted in a 1% response rate, with only a quarter of these companies rectifying the issue. This incident highlights the critical importance of proper database configuration and security practices.

Relevant URL: https://www.bleepingcomputer.com/news/security/misconfigured-firebase-instances-leaked-19-million-plaintext-passwords/#google_vignette