Smart homemaker, Orvibo, recently encountered a data breach, leaving 2 billion records exposed. The company runs SmartMate, a platform that allows users to manage their smart home appliances.
According to the article published by Forbes, security researchers exposed the data leak. Noam Rotem and Ran Locar from vpnMentor spearheaded the security research team. The findings of these two individuals reveal that Orvibo data remained open to the public without password protection.
As of July 2, vpnMentor reports the closure of the company website.
Based on the findings of Rotem and Locar, the system houses over two billion logs. The information affected by the data leak included names, email addresses, usernames, and passwords. Besides these, the IP address, type of smart device, and precise geolocation of users also became compromised.
The report released by vpnMentor states that the hackers likewise obtained the chosen family names and reset codes. These details, alongside usernames and passwords, reportedly allow hackers to gain complete control over the account.
vpnMentor recorded entries of users located in Australia, Brazil, France, Japan, Thailand, the United Kingdom, and the United States. Meanwhile, ZD Net recorded user logs from China.
The Root of the Problem
As reported by ZD Net, the root of the problem stems from a leaking backend server named Elasticsearch. The database remained connected to the Internet without Orvibo noticing.
The two lead researchers from vpnMentor and the ZD Net team both reached out to the Shenzen-based firm. However, reports reveal that Orvibo remained mum about the issue, allowing the server to continuously leak for two weeks.
Repercussions of the Incident
One of the biggest ramifications from this massive breach is having hackers spy on users without customers knowing. With the private information obtained by the hackers, spies could gain access to security video feeds. In addition, original users could be locked out from their accounts.
ZD Net states that criminal groups have the power to conduct robberies while homeowners are not at home. Hackers could also interfere with the energy use of smart home appliances.
In an interview with Forbes, Ben Herzberg states that hackers can “use the data to their advantage.” This can also “work themselves even further into the networks of the organization and infiltrate additional resources.”
To help users address the incident, individuals should change their passwords immediately. Users should also unplug their smart home devices until Orvibo fixes the issue.