Recently, a smart home device manufacturer called Orbivo suffered a massive data breach. The company touts more than a million users, including both consumers and businesses. Customers from Asia-Pacific, Europe, and the Americas were impacted by the cyber attack.
Despite the company’s online promise of implementing strong data protection, the company’s user database that supported an Internet of Things (IoT) management platform fell victim. A classic case of misconfigured technical tools, installed without basic password security, set the stage for the attack. More than 2 billion logs containing usernames, user IDs, family names, user passwords, email addresses, account reset codes, device details, and more, were stolen.
Databases on the internet that lack passwords are more common than one might imagine. Barely two weeks ago, the very same researchers who discovered this attack described another successful database exploit exposing the pharmaceutical prescriptions of 78,000 patients and that resulted in the loss of full names, physical addresses, email addresses, and cell phone numbers. This is another example of an online database with insufficient or non-existent password security.
With the Orvibo breach, the technical specifics render hackers capable of locking users out from their own accounts. The firm’s consumer security products, such as smart locks, security cameras, and smart home kits, all appear to have been affected.
“With the information that has leaked, it’s clear that there is nothing secure about these [Orvibo Smart Home] devices. Even having one of these devices installed could undermine, rather than enhance, your physical security,” write the researchers credited with identifying this breach.
As evidenced by the recent wave of breaches, protecting your data is essential. To avoid mishaps, insure that developers responsible for installing software or hardware are properly trained, conduct regular assessments of your online environments, and implement powerful compliance reporting tools.
Close your security loopholes now. For more information on preventing cloud misconfigurations and implementing security best practices, visit Forbes.