900 Sites, 125 million accounts, 1 vulnerability - env.fail
TLDR:
- Firebase allows for easy misconfiguration of security rules with zero warnings
- This has resulted in hundreds of sites exposing a total of ~125 million user records, including plaintext passwords and sensitive billing information
After the initial buzz of pwning Chattr.ai had settled down, we set to work on scanning the entire internet for exposed PII via misconfigured Firebase instances.
Attempt 1
MrBruh wrote up a rudimentary scanner in Python that would check for Firebase configuration...