Menu

SMART HOME FEATURE NEWS

ElasticSearch's Orvibo Leaks Billions of Records and Passwords

By Chrissie Cluney July 09, 2019

A publicly accessible ElasticSearch cluster owned by Orvibo, a Chinese smart home solutions provider, has leaked more than two billion user logs, which contains sensitive data of customers from countries all over the world.

What was some of the leaked data? ElasticSearch and Orvibo leaked email addresses, passwords, account reset codes, precise user geolocations and IP addresses, among other vital and personal information of its users.

Orvibo offers its clients smart solutions, which are designed to help them manage houses, offices and hotel rooms via smart systems. The company also offers security and energy management. The company also offers remote control and data recording/analysis using a smart home cloud platform.

“Unfortunately, such overt negligence is not that uncommon amid IoT and smart homes vendors. Most of them compete on a turbulent, aggressive and highly competitive global market and in order to stay afloat, they have to slay internal security costs. Consequentially, their business may be ruined by private and class lawsuits, let alone penalties and fines imposed by regulatory authorities. The victims don’t really have a recourse but to file a legal complaint and deactivate any remote management of their homes if it is doable. Those who use the same or similar passwords shall change them immediately. Worse, many similar incidents never go to the media, ending up in hands of cybercriminals. The more we will entrust our daily lives to precarious vendors, the more detrimental and dangerous risks we will eventually face. In a couple of years, attackers will likely be able to conduct mass killings of unwitting users of many emerging technologies,” said Ilia Kolochenko, founder and CEO, web security company, ImmuniWeb,

The exposed Orvibo database "includes over 2 billion logs that record everything from usernames, email addresses, and passwords, to precise locations," said vpnMentor. Despite the leak, the website is still online even though the company did not respond to vpnMentor‘s research team who reached out during last month to offer their assistance.

"As long as the database remains open, the amount of data available continues to increase each day," said the vpnMentor researchers. Users from all over the world, which includes China, Japan, Thailand, the US, the UK, Mexico, France, Australia, and Brazil have been affected by the data leak.

Elastic NV also urges admins to secure the ElasticSearch stack by "encrypting communications, role-based access control, IP filtering, and auditing," to configure passwords for their servers' built-in users, as well as to properly configure the cluster before to deploying it.


Chrissie Cluney has been a correspondent for IoT Evolution World since 2015. She holds a degree in English with a concentration in writing from the College of Saint Elizabeth.

Edited by Ken Briodagh
SHARE THIS ARTICLE
Related Articles

Rise in Remote Work Propels Network Visibility to Top Concern

By: Chrissie Cluney    8/7/2020

VIAVI Solutions has released the results of its 13th annual State of the Network Global Study of enterprise networking and security challenges.

Read More

Synaptics to Acquire DisplayLink Accelerate IoT Diversification

By: Ken Briodagh    7/29/2020

In a recent release, Synaptics announced the signing of a definitive agreement to acquire DisplayLink for $305 million in an all-cash transaction.

Read More

Traeger Chooses AWS for Channel Alignment, Scalability, Growth Foundation

By: Special Guest    7/21/2020

Traeger needed to find a partner who would get the job done right, and done fast, with no impact to their growing customer base.

Read More

Z-Wave Alliance Releases 2020 State of the Ecosystem Report

By: Ken Briodagh    7/21/2020

The 2020 report collects data and insight from experts on smart home and connected technology, across the globe.

Read More