Firebase Authentication vulnerability

According to this Medium article, Firebase Auth has high default quota limits and enables Google identity services without opt in. The API also returns revealing auth failure info (invalid email/bad password). This creates a perfect setup to exploit via brute force attacks. Currently, there isn't an official fix from Google but there are workarounds as stated in the article. We currently do not implement any workarounds to fix this issue.