Hey, Reader. Chances are high that I never learned your name. So you'll just have to deal with being called Reader for now.

A select few of you may know this already but Chattable has been suffering online attacks for years. Yes, really, years. But that's a problem when hosting any online service to the public, even offline & IRL. However, since August 2025, Chattable has been receiving a particular attack which affects me financially. I'm not asking for a donation, in fact, if you're reading this then I'm not even accepting donations anymore. I'm just here to explain what's going on & how I'm deciding to move forward.

These particular attacks of concern have been targeted our database, hosted by Firebase. This project originally started on Firebase using just client side JavaScript on a web page as a proof of concept, which admittedly, was known to have security flaws. I mean it was literally all client side code. Though after the public's discovery of these vulnerabilities in June 2023 & the attack in August 2023, I had to shutdown Chattable and rewrite a lot of code to convert to a system that uses websockets & backend server to handle requests to write to the database. However, I made the mistake of only including writes to this secured proxy, not reads. I did not think reads would get abused, in fact, at that time the Firebase project was still on a free plan. So limiting reads wasn't a concern.

But alas, all of the support Chattable received in 2024 & 2025 was so great that I had to upgrade Firebase to a paid plan in order to keep up with the amount of concurrent connections & requests my database was receiving from everyone. Exposing a new vulnerability: Allowing anyone to rack up my Firebase bill by creating scripts to spam reads. And oh boy, it happened. What started in August 2025 (not to be confused with 2023) were attacks only costing me a few dollars a month, eventually grew to several dollars a day by the end of December. Firebase projections of $75/month in January, $7.50 by midnight on the 3rd, a 1346% increase from last month. Unsustainable.

Especially since Chattable is funded solely by my own weekly paycheck (from the full time jobs I've maintained over the years in Manufacturing) I'm not able to justify the $75/month price tag to just keep this operational for all. Especially with other costs like keeping the backend online. Plus with my full time job and other real life responsibilities, I just don't possess the time or motivation to rewrite the all the code. Updates required for the backend code & client side code to handle logins, auth tokens, read requests, realtime client side updates for database updates and all the other changes required to ditch Firebase completely and fix this vulnerability.

With that said, I bring slightly good news! All your accounts & chat data is safely stored, untampered with, on a database which is turned off. And I will be turning this database back on, but with a twist. I will be downgrading the Firebase project back to a free plan. This means as the attacks continue or even during days of normal to high traffic, most services will not be available. Due to attacks alone: you may not be able to see your chats again for years if they decide to drag this out this long. This is for archival purposes only and it IS recommended that you stop using Chattable on your site simply due to the lack of resources it now has.

Once the attacks stop, this will allow you & your friends to still use Chattable & all its services, access your accounts, customize your chats, send new messages, and do everything else you could before as long as the Firebase resources are not expended for the day. Note: Firebase will automatically disable all services once they hit their free tier limits for the day to prevent any charges from accruing on my billing account.

If you have any questions, comments, or concerns absolutely do not hesitate to reach out.


Thank you for supporting one of my (if not my #1) most favorite web projects,

Andrew