Someone Hack My Firebase & Deleted all data

How can i fixed this problem? This hacker deleted my all data. Is thare any way to protect may firebase From hacker???

Don’t share your passwords or tokens. :man_shrugging:
Try programmatically setting the token, in an obfuscated text block.


No one Know my firebase token. Then how they clear may all data??

They could know your Google Account password maybe. That’s the easiest way to clear all data - through the Firebase Console.


No…bro… No one know my gmail password

How do you know that? There’s really no other way to delete Firebase Data unless they had your Token or Password.


Could be… :joy::joy:

It could be if you offered to create/edit/delete firebase data in your app, than if someone delete all your tags it will be empty project. But in this way you lost your data only not project

İt is possible. Someone can sniff app data and find firebase database url. And then can modify that database. You can find this kind of videos on youtube

1 Like

Yes… Thare are a simple code to remove all data from my app.

You’d need the password. If you’re using an app to modify data, that can be easily prevented by proper Firebase rules.

P.S. Did OP have Firebase reads and writes set to “true”?

How Can I usage That kind of rules??

If i usage this rules then it will be difficult to Deleted my all data.

Add this rule:

".validate": "newData.exists()"
1 Like

WHEN i usage ```
"auth != null

How can you write if you set the rules different from true, because if I set like, for example “.write”: “auth != null”, i can´t write, even if a was authenticated

It works perfectly fine for me. :man_shrugging:

1 Like

It’s workers in Android studio

i have rules like this

i have an autheticated user, I succesfully logged in with that user with firebaseauth, but, i cant read the database, unless i put the read/write rules to “true”

there is a point that i’m missing? help, please.

Is it working??

No. I have no idea what’s wrong since I’m using the same rules without any problem.