Two billion user logs leaked by Orvibo (Smart home vendor)

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
The leak, which apparently has yet to be plugged, exposes a range of very specific data about users

A Chinese smart home solutions provider has been leaking billions of logs from devices managed via the company’s cloud platform, exposing a range of sensitive information about their users.

The database – which was found sitting an ElasticSearch server with no password protection – belongs to a Chinese company called Orvibo. The platform, called SmartMate, is used by customers from around the world to manage their Internet-of-Things (IoT) devices, including home entertainment and security devices, and energy management and HVAC systems. A maker of around 100 smart home or smart automation products, Orvibo claims to have a million customers, both individual users and businesses.

Researchers at vpnMentor, who discovered the misconfigured server in the middle of June and described their findings in this blog post, wrote that Orvibo has been notified of the issue several times since June 16. Per latest reports (from yesterday), the database remains exposed.

There is no evidence that cybercriminals have accessed the data, but with such abundance of identifying information the scope for abuse is practically endless.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top