A vulnerability in the popular animation app FlipaClip led to the exposure of sensitive user data, including names, emails, birthdates, and countries, affecting nearly 895,000 accounts. Notably, 22% of the affected users are minors. The breach, caused by an improperly secured Firebase server, has since been resolved, according to the app's Miami-based developer, Visual Blasters.
FlipaClip is a widely used animation app that allows users to create frame-by-frame animations. Targeted at beginners and hobbyists, the app is especially popular among younger audiences, including teens and children, who use it for school projects, social media content, and creative pursuits. With millions of downloads across app stores, FlipaClip holds a significant user base, making the data exposure especially concerning given the app's appeal to minors.
The breach was initially uncovered by a researcher known as “BobDaHacker”, who identified and reported the vulnerability. Following the disclosure, a secondary source exploited the vulnerability to extract the data, later sharing it with security journalist Ryan Fae (@RhinozzCode) and the breach notification service Have I Been Pwned (HIBP).
The compromised data includes:
- Names
- Email addresses
- Geographic locations
- Dates of birth
FlipaClip developer Josh Ward confirmed that the issue was “fully rectified” and clarified that the leaked database would not be made publicly available. Despite this, HIBP added the breach to its database, marking the incident date as November 18, 2024.
The leaked data has not been circulated online, but exposed Firebase servers are often targeted by automated crawlers, and stolen data is quickly trafficked on cybercrime forums. CyberInsider can confirm that no public exposure of the dataset has occurred as of writing.
The exposed data, particularly email addresses and birthdates, poses risks of phishing, fraud, and identity theft. Parents of affected minors should monitor email accounts and watch for suspicious communications. All users are advised to:
- Change passwords if they used the same credentials across services.
- Enable multi-factor authentication (MFA) on accounts where possible.
- Be wary of phishing attempts using personal data, such as emails referencing their location or birthdate.