SoylentNews
SoylentNews is people
https://soylentnews.org/

RandomFactor writes:

BleepingComputer reports that Chinese smart home vendor Orvibo has an unsecured database online that exposes over 2 billion logs detailing usernames, email address, passwords and more.

The disclosing research firm's report is available here.

vpnMentor's research team reached out to the vendor on June 16th, but did not receive a response and as of publication the database is apparently still online and the amount of data exposed is still increasing.

Exposed data includes:

• Email addresses
• Passwords
• Account reset codes
• Precise user geolocation
• IP addresses
• Username & UserID
• Family name & Family ID
• Device name & Device that accessed account
• Recorded conversations through Smart Camera
• Scheduling information

Passwords are hashed but without adding a salt, making them relatively easy to crack.

Possibilities for hackers are myriad, including completely locking users out of their own accounts and taking complete control of smart homes, accessing video feeds, unlocking doors and more.

Original Submission

1. "RandomFactor" - https://soylentnews.org/~RandomFactor/
2. "Orvibo" - https://www.orvibo.com/
3. "unsecured database online" - https://www.bleepingcomputer.com/news/security/billions-of-records-including-passwords-leaked-by-smart-home-vendor/
4. "here" - https://www.vpnmentor.com/blog/report-orvibo-leak/
5. "salt" - https://en.wikipedia.org/wiki/Salt_(cryptography)
6. "Original Submission" - https://soylentnews.org/submit.pl?op=viewsub&subid=34792

printed from SoylentNews, Billions of Records Leaked by Smart Home Vendor on 2023-05-26 15:12:30