FROM CACHE - en_header
Promotion image

Why is it bad that my Firebase and MSG91 authorization data, including secret keys, have leaked?

Why is it bad that my Firebase and MSG91 authorization data, including secret keys, have leaked?

Miroff
Shopify Partner
1 0 0
‎02-14-2025 02:39 PM

I recently discovered that an app from the Shopify App Store is exposing my API credentials (Firebase and MSG91 keys) publicly. This includes not just public keys but also private secret keys, which means anyone can:

  • Send SMS messages or push notifications on behalf of my store without my consent.
  • Wipe out my Firebase and MSG91 balances, as full access is exposed.
  • Steal sensitive customer data if stored in Firebase.
  • Use my credentials for malicious activities, leading to account suspensions or financial losses.

 

The app developers are dismissing the issue, claiming they only provide integration. However, this is a massive security vulnerability that affects all stores using this app.

 

What actions should I take?

Labels:
261 Views
0 Likes
Report
Replies 0 (0)

Community Blog Articles

May '25.jpg
Celebrating our Members of May '25

June brought summer energy to our community. Members jumped in with solutions, clicked ...

By JasonH Jun 5, 2025
441285313-63bbef53-3fbe-4e8b-a706-5b37afa90468.png
Automate store operations with Shopify Academy & Coding with Jan

Learn how to build powerful custom workflows in Shopify Flow with expert guidance from ...

By Jacqui May 7, 2025
April 25.jpg
Highlighting our Members of April '25

Did You Know? May is named after Maia, the Roman goddess of growth and flourishing! ...

By JasonH May 2, 2025
Terms of Service Privacy Policy