Orvibo, a producer of IoT devices used by millions of customers, left its user database exposed to the open internet, vpnMentor said in a blog post. The vulnerability exposed billions of sensitive records including emails, passwords, account resets, and more.
The post did not state hackers accessed the data. However, it did state the database remained vulnerable at the time of publishing. It’s unclear if or when Orvibo will take action.
“The amount of data available from Orvibo’s servers is enormous. It’s also highly specific, which shows just how much data smart home devices can collect about their users,” the blog said. “According to the company, there are over a million users who have installed Orvibo products in their homes and businesses.”
Fear of Massive IoT Security Invasions
Orvibo’s IoT devices collect data about users’ homes. Moreover, many hotels use them in their businesses. VpnMentor states hackers with access to the information could therefore cause massive disruptions.
The post cites changing smart socket energy use to increase a competitor’s operating costs, taking over smart locks to perform home break-ins, and hacking smart mirrors to gain access to a personal calendar, as potential security issues.
“A breach of this size has massive implications. Each device in Orvibo’s product catalog can have a different negative effect on its users. This is on top of having an abundance of identifying information about users,” the company said. “Much of the data can be pieced together both to disrupt a person’s home while possibly leading to further hacks.”
Merchants Must Take IoT Data Breaches Seriously
VpnMentor states the discovery highlights the problems of merchants using IoT devices. It cites a number of ways unsecured IoT devices could harm a business including lost revenue, lost consumer trust, and interruptions to service.
For these reasons, the company also states merchants must take these problems seriously. It calls on merchants of all kinds to do more do secure the data generated by their IoT devices.
“This is an increasing problem when it comes to what is called the Internet of Things. This refers to all of the smart devices that communicate with one another via an internet connection,” the post said. “As an industry that’s still relatively young, however, there are a lot of security issues that need to be addressed by manufacturers while they still can.”