Company that runs SmartMate, a platform to manage smart home appliances, involved with leak of over 2 billion records
A company that runs SmartMate, a platform to manage smart home appliances, has leaked over 2 billion logs of highly sensitive information via a publicly accessible database.
Orvibo’s database leak – which includes usernames, emails, passwords, family names, precise locations of IoT devices, and account reset codes – is a result of a misconfigured backend server that doesn’t require a password, as reported by ZDNet.
What’s worrisome is that the compromised data contains precise coordinates pinpointing the user’s exact location. Combined with other disclosed information, criminals can piece together identifiable data to further disrupt a user’s home. This could also lead to victims being followed, stalked, robbed, or spied on.
Perhaps the worst damage involves the company’s logging of passwords and account reset codes, which were hashed but not salted. This practice means that the stored passwords could be discovered and decrypted, then used to log in to an account without their knowledge. Any malicious actor could hijack SmartMate accounts and take full control of the user’s smart devices virtually.
Orvibo claims to have millions of users, including businesses and consumers. Researchers studied hacked accounts in China, and saw some signs of the breach in Thailand, Japan, the U.S., the U.K., France, Mexico, Australia and Brazil.
The incident highlights how consumers willingly give up data in order to own affordable smart devices, and how crucial it is to secure them with a strong password. It a ..
Support the originator by clicking the read the rest link below.
![[DiyOtaku] Gives Old Devices A New Life](upload/news/image_1714723213_17994018.png)
