If you need assistance, please call 317-590-2901

2 Billion Records Exposed in Smart-Home Device Breach

Wednesday, July 3, 2019   /   by Carlos J Higareda

2 Billion Records Exposed in Smart-Home Device Breach

July 3, 2019

Just how secure is that “smart” security camera or door lock? That is being called into question after reports of a massive data breach hitting the smart-home industry that could extend to smart locks, home security cameras, and full smart-home kits.

An database for devices manufactured by Orvibo, which runs an “internet of things” management platform, was left exposed to the internet without any password protection, security researchers with vpnMentor recently uncovered. The database includes more than 2 billion logs containing everything from user passwords to account reset codes and even conversations recorded by smart cameras, Forbes.com reports.

Orvibo manufactures about 100 different smart-home or smart-automation devices. The Chinese-based company offers cloud security for smart-home devices; the firm says it supports more than a million users with its IoT devices. Their customers include private individuals with smart-home systems as well as hotels and other business customers.

Security researchers with vpnMentor say the data exposed is extensive, including email addresses, passwords, account reset codes, IP address, usernames, user IDs, family name, smart device type, scheduling information, and more. The vpnMentor report also says that logs were found from users all over the world, from the U.S. and Mexico to Australia, Japan, and China.

The reset codes may be the most vulnerable of the information that could fall into hackers’ hands, researchers warn. "These would be sent to a user to reset either their password or their email address," the report explains. "With that information readily accessible, a hacker could lock a user out of their account without needing their password. Changing both a password and an email address could make the action irreversible."

Researchers say they do not know yet whether hackers have already been aware of the system’s vulnerability. But they say the company was first alerted to the issue on June 16. ZDNet reported this week that the database has remained accessible online without password protection.

"The best thing now for people affected is to make sure their smart-device passwords are changed immediately to something long and complex along with other accounts where the same password may be reused," Jake Moore, a cybersecurity specialist at ESET, told Forbes.com. However, he cautions that hackers could be watching before any patch is installed. Customers "may as well pull the plug on the device until it is fixed,” he says.

eXp Realty
Carlos Higareda
719 Virginia Ave, Suite 101
Indianapolis, IN 46203

The source of the Licensed Listings is BLC® listing service. The Licensed Listings are confidential information of BLC® listing service. The BLC® listing information is provided by the Metropolitan Indianapolis Board of REALTORS® from a copyrighted compilation of listings. The compilation of listings and each individual listing are © 2023 Metropolitan Indianapolis Board of REALTORS® All Rights Reserved. The information provided is for consumers’ personal, non-commercial use and may not be used for any purpose other than to identify prospective properties consumers may be interested in purchasing. All properties are subject to prior sale or withdrawal. All information provided is deemed reliable but is not guaranteed accurate, and should be independently verified.
This site powered by CINC: www.cincpro.com