
SoylentNews is people

posted by Fnord666 on Tuesday July 02 2019, @01:22PM
from the no-salt-added dept.

BleepingComputer reports that Chinese smart home vendor Orvibo has an unsecured database online that exposes over 2 billion logs detailing usernames, email addresses, passwords and more.

The disclosing research firm's report is available here.

vpnMentor's research team reached out to the vendor on June 16th but did not receive a response, and as of publication the database is apparently still online and the amount of data exposed is still increasing.

Exposed data includes:

  • Email addresses
  • Passwords
  • Account reset codes
  • Precise user geolocation
  • IP addresses
  • Username & UserID
  • Family name & Family ID
  • Device name & Device that accessed account
  • Recorded conversations through Smart Camera
  • Scheduling information

Passwords are hashed but without adding a salt, making them relatively easy to crack.
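
Why the missing salt matters, as an added example (not from the article or the vpnMentor report): without a salt, identical passwords produce identical stored hashes, so a single lookup result applies to every account sharing that password. The article does not name the digest Orvibo used; SHA-256, the sample accounts and the PBKDF2 work factor below are assumptions.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample accounts; not data from the exposed database.
ACCOUNTS = [("alice", "sunshine1"), ("bob", "sunshine1"), ("carol", "T4ble-lamp-92")]
ITERATIONS = 600_000  # assumed PBKDF2 work factor; tune to your hardware


def unsalted(password):
    """Weak form: bare digest, no salt (SHA-256 is an assumption)."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted(password, salt=None):
    """Hardened form: random per-user salt plus a deliberately slow KDF."""
    if salt is None:
        salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def verify(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted(password, salt)[1], expected)


def shared_hash_groups(records):
    """Audit check: list the users whose stored hashes are identical."""
    groups = defaultdict(list)
    for user, stored in records:
        groups[stored].append(user)
    return [sorted(users) for users in groups.values() if len(users) > 1]


if __name__ == "__main__":
    weak = [(u, unsalted(p)) for u, p in ACCOUNTS]
    strong = [(u, salted(p)[1].hex()) for u, p in ACCOUNTS]
    print("unsalted, shared hashes:", shared_hash_groups(weak))
    print("salted, shared hashes:  ", shared_hash_groups(strong))
```

Running `shared_hash_groups` over a real credential table is a quick audit for unsalted storage: any group it returns means two accounts hash to the same value.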

Possibilities for hackers are myriad, including completely locking users out of their own accounts and taking complete control of smart homes, accessing video feeds, unlocking doors and more.


  • (Score: 4, Informative) by Thexalon on Tuesday July 02 2019, @04:25PM

    by Thexalon (636) on Tuesday July 02 2019, @04:25PM (#862437)

    Just sue them

    That sounds great in theory, but:
    1. If you're in the USA, in a lot of cases, you can't. If you actually read the EULA, you'll often see that there's a section requiring that any dispute go into binding arbitration where they get to pick the arbitrator, and bans you from filing a class action suit in the event that the company does something bad to millions of people. The Supreme Court has repeatedly upheld this all as completely legal, and made it so these rules actually trump state laws as well.

    2. If they have 10 million affected customers, and assets of, say, $100 million, guess what the limit is on what you're getting in damages?

    3. Even if you win, you still have to collect damages, and that's easier said than done. Sometimes the mechanism for getting paid involves things like showing up with the sheriff and starting to take things [npr.org].

    --
    The only thing that stops a bad guy with a compiler is a good guy with a compiler.