If my account is hacked - how to protect from a scenario of app+DB deletion by a hacker?

How to protect an app and database so if it’s deleted by a hacker, it can still be restored?
There is an option to export the app to a file so you could possibly restore the app.
But what about restoring the database?

If you’re talking about the editor there is a Copy & Restore feature as shown below, and if your Bubble Editor account got hacked I would be concerned, that’s why I’d recommend getting 2FA enabled on your account.

image

I mean, if a hacker gains access to your editor.
Your 2FA can be hacked as well if your phone or laptop is stolen.

If I were the user of your app, I’d hope that your password would be extremely secure along with taking extra actions such as enabling 2FA. I don’t believe there has been an issue here with 2FA being hacked. I’d talk to Bubble more about this at support@bubble.io

@eve or the success team will usuallly answer

Even if you enable 2FA and someone gains remote access to your laptop through malware, or someone breaks into your apartment and takes your unlocked laptop, they have access to your editor.
Also, if someone steals your phone after they see you typing your password, they gain access to your 2FA.
The only way to recover is by having a full external backup.

1 Like

Do regular backup of your app using export JSON app tool. However, I believe when you delete an app from your app’s panel, it should be recoverable after short amount of time.

It would be great to have 2FA pairing with Google Authenticator so you would need to unlock your phone and get the code.

But honestly, the scenarios you’re describing here are remotely 0.0001% chance to happen. How you can get hacked from your email, your phone, and your bubble account / whatever.

At this same scenario if someone has your email account and your phone stolen he can literally rip your bank account.

JSON export does not include DB.
Your phone’s password is visible to everyone who stands behind you when you unlock your phone.
But even easier, your laptop password is visible to other people if you work from a co-working space or coffeeshop and then they don’t need any 2FA since your editor is already open in the browser.

1 Like

You always have the option to restore your database.

Even if the app is deleted completely ?

If you’re app is completely deleted, that’s too bad you were most likely didn’t have a secure password, we’re cautious about sharing your email address associated with your Bubble account or something like that. Did something like this happen to you? If so, you may be able to contact Bubble (support@bubble.io) to see if they have any backups for you.

Didn’t happen - trying to protect.
If I have access to your phone, I will know what your bubble email is by searching through your emails.

That’s a bit over the top and extreme don’t you think? A hacker is going to somehow go to wherever you are, steal your laptop, steal your phone, just to get into your Bubble account?

I can give you an easier scenario.
Have you ever had a computer virus ?
A hacker can gain access to your mouse through a virus and then in your browser, delete the bubble app.

This can also be done via a Chrome plugin that you install

Nope. Never. I’m just gonna let other users answer your question as there isn’t a good answer for it. You can have a Google Account, it can get hacked. But the question is will it?

You don’t have any Chrome plugins ?

Only one I have is Adblocker and Grammarly.

I completely agree with you and have the same concerns. This is the reason we just left bubble and had our application built in custom code. I don’t truly believe that there are any Enterprise customers actually using bubble, as you can see yourself the responses you are getting on here are so ridiculous. I can’t believe the responses you are getting from people acting like no one gets hacked or that viruses aren’t a thing. The one guy saying why would someone steal your laptop and phone just to get into your bubble account? What a stupid comment, why do hackers do any of the things they do?

Must be nice to be the other people on here that have such basic applications that all they require is a single strong password for security and they feel good. Pretty scary!!

Obviously you don’t like bubble which is ok you have your reasons… but now you start judging the people that uses bubble don’t you think this is little too much. Leave bubble and leave the people of bubble alone we are happy with our prototype and we feel secure and happy… to be honest they gave us the guide lines on how to secure our data from server side. And we trust /relay on them. We have business because of them. There was situation when price plan increased they re adjusted and gain trust again. Stop asking questions making assumptions like that… we love bubble and love is blind :slightly_smiling_face:

2 Likes

Ad hominem aside, the OP Q is an important concern in any enviro, inside or outside of Bubble. You are no less vulnerable using a full custom stack, as a hacker grabbing the service/surrogate ID creds on your hosted DB would be able to perform an equally destructive amount of damage.

The only way to mitigate is to backup, simple as that. You need to backup your app def/cons via the JSON export AND you need to externally backup your DB via DATA API on a scheduled basis.

As a feel good, you can open up a secondary Bubble account under separate creds, import your frequent backups into it, to have a semi-passive HA instance in the event you ever do have a hack event.

This is all industry best practice, REGARDLESS of your tech stack.

2 Likes