FlipaClip, a popular animation creation app among children, has gathered insights from more than 890,000 users.
A previously undiscovered vulnerability has been identified in the frame-by-frame animation app, available for both iOS and Android devices, by researcher “BobDaHacker” who promptly notified the developers at Visible Blasters this month.
The security flaw enabled unauthorized access to sensitive information regarding the application’s customer base from an exposed Google Firebase server.
Following BobDaHacker’s disclosure to Visible Blasters about the vulnerability, hackers quickly took advantage of the security flaw to gain unauthorized access and extract sensitive information.
The most sensitive data relating to FlipaClip’s customers, such as financial details, passwords, and their animation projects, could not be accessed.
However, sensitive information including names, delivery dates, email addresses, and countries of residence was compromised, leaving users vulnerable to exploitation by fraudsters, for instance in a phishing scheme that could trick FlipaClip animators into divulging their login credentials and other confidential data.
A significant proportion of FlipaClip’s customer base – roughly 70% in 2022 – comprised children under the age of 18, a demographic for which online safety and privacy are a particular concern.
Fortunately for FlipaClip’s large and active user base of over 6 million individuals, there is currently no indication that the exposed personal data has been shared publicly.
According to Josh Ward, developer of FlipaClip at Visible Blasters, the previously reported issue has been thoroughly resolved.
Following the incident, FlipaClip claims to be bolstering its security protocols and seeking official guidance from authorities regarding reporting the security breach to relevant regulatory bodies.
Unfortunately, it appears that FlipaClip has not yet informed its customers about the data breach, which is likely to leave many users unaware that a security issue ever existed, even though the risk is deemed relatively low.
Google Firebase is a cloud-based backend database service widely used by websites and applications to store data. Unfortunately, a prolonged history of incorrectly configured Firebase deployments has led to sensitive data being exposed publicly on the internet.
Google announces new measures for builders to reduce misconfigured Firebase databases, protecting sensitive app data from exposure.