My security specialist forwarded this article to me since we are using firebase. Guys, don't forget you need to write security rules! It's one of those things you will forget about, and most people choose the default allow all option when they set up the project. Also, I think it goes without saying, DON'T STORE USER PASSWORDS IN PLAIN TEXT IN THE USER DOCUMENT. https://www.bleepingcomputer.com/news/security/misconfigured-firebase-instances-leaked-19-million-plaintext-passwords/#google_vignette