Smart home product firm left personal data for 1 million users unsecured
Cyber Security

Smart home product firm left personal data for 1 million users unsecured

Security researchers published a report Monday saying lax security protocols for a publicly accessible database created by a Chinese smart device maker could allow hackers to take control of the more than 1 million homes which use the company's products.

The database, which is owned by Shenzhen-based smart home product maker Orvibo, includes an excess of 2 billion logs including user names, email addresses, and passwords to precise geolocations, according to a report by the cybersecurity research firm vpnMentor.

The vpnMentor report said much of the leaked could be pieced together to disrupt and gain access to users' homes and possibly lead to further hacks.

Orvibo's products include SmartMate, a platform that manages smart appliances, a lighting control system for smartphones, and a home security system that controls smart locks and security cameras, according to its website.

“A malicious actor could easily access the video feed from one of Orvibo's smart cameras by entering into another user's account with the credentials found in the database,” said the report. It would be easy to unlock a door from the same account, it said.

An email query to Orvibo on Tuesday went unanswered. A woman who answered the phone at Orvibo's Shenzhen office said nobody was immediately available to respond to media queries.

Orvibo says it has around 1 million users, including individuals, hotels, and other businesses who use the company's smart home devices. The data breach affects users from China, Japan, Thailand, the US, the UK, Mexico, France, Australia, and Brazil, according to the report.

The report said hackers would be able to easily take the whole network of a business offline with a fully connected set of Orvibo's smart home items. “When an entire building or dwelling relies on connected technology for security, an outage can stop the whole operation,” the vpnMentor report said.

The report, which was published on Monday, said that security for the database had still not been rectified at time of publishing despite efforts from vpnMentor to alert Orvibo through various channels including email and Twitter.

A vpnMentor spokeswoman told TechNode on Tuesday afternoon that the server which hosts the database had been closed and is no longer accessible.

You might also like

Apple users targeted by new phishing attack to reset ID password

ChatGPT is Back in Italy After Addressing Data Privacy Concerns

GoodRx fined $1.5 million for allegedly selling users health data

Bitwarden users at risk after potential phishing scam discovered

Comments are closed.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. AcceptRead More