Hacking Bubble unique assigned id's


I recently learned that web addresses my app assigns to users are really assigned by Bubble using unique ids.

I want to learn if this creates vulnerabilities for me and the customers I serve. For example, let’s assume that all urls follow the same format, e.g.:


It would seem to me that if a script were created you could run it to check all combinations possible as this would be easy to do. If successful, the results would let a hacker know:

How many customers the app has
telephone numbers
and so on…

The hacker could then sell this information forward or even do something bad.

I’m concerned about how vulnerable this is and what measures can be taken to counter it.

Would really appreciate hearing more on the subject.



That is why privacy rules are so important… even if someone gets the right combination, he will not be able to read anything…

1 Like

Thanks for the link! This is really good info!

This topic was automatically closed after 70 days. New replies are no longer allowed.