Database leaks are nothing new in this digital age. They’ve become the honey pot of hackers everywhere, with an unencrypted database being the jackpot allowing them to cause havoc.
Recently, we saw a different kind of database leak. This leak did contain usernames and passwords as normal, but instead of them being for online services, they were for IoT devices. This makes it one of the first breaches where people’s physical devices were under threat due to a database leak.
This is the case of Orvibo, a Chinese company in charge of handling smart device data for international consumers. They used a database called SmartMate to store all of this data, which was only protected with a layer of MD5 encryption and no salting.
What makes this attack particularly terrifying is the amount of data the hackers got from this leak. The data within SmartMate included usernames, passwords, device reset codes, and precise locations of where each device is.
The last piece of information is especially worrying. With an idea of where the device is, a hack could go further than just simply gaining access to it. A hacker could use the information from this database to further hone in on a specific business, using the username and password they have to dive deeper into their systems.
What this Means for the Future
The most worrying aspect of this attack is what this means for the future of IoT. When database leaks happened in previous years, they were damaging but nothing too serious. Typically, it meant that users just had to reset their passwords on their accounts, and all was well.
With this new world of IoT with devices storing very personal information, these leaks have suddenly become a lot more serious. Now A database leak could give away your location, the digital keys to your smart surveillance system, and the timers you’ve set up for your home lights. With this kind of information, a hacker could step up a digital attack into a physical burglary.
What Can Be Done?
Unfortunately, this is not something that we, as the consumers, can directly fix. If a company is storing our personal information without the proper countermeasures against hacking, we won’t know until it’s too late.
The best way to handle these breaches is to not entrust your personal information with these IoT devices; at the very least, share the information with trusted and respectable companies that won’t leak your data so easily.
At any rate, companies should definitely be more cautious of how they store IoT data in the future. As more of our lives and private data move to the cloud, it’s vital that this information is properly stored to prevent devastating privacy issues.
A New Generation of Leaks
Database leaks are nothing new, but the data stored within them is becoming more and more sensitive. With IoT devices logging our actions and locations, database leaks are becoming a huge threat to the privacy of users.
Does this attack make you feel more cautious about giving IoT companies your data? Let us know below.