In this blog post, the author shares how they managed to exploit a vulnerability in Chattr.ai, an AI hiring system used by various fast food chains and hourly employers in the United States. By searching for exposed Firebase credentials on AI startup websites, the author gained full privileges to the Firebase DB, accessing sensitive information such as names, phone numbers, emails, plaintext passwords (in some cases), and even confidential messages and shifts. The author also mentions that they were able to gain control over Chattr.ai’s Administrator dashboard. The vulnerability was discovered on January 6th and patched on January 10th, but no response or thanks has been received from Chattr.ai yet.
https://mrbruh.com/chattr/