IoT Developer Orvibo Suffers Major Database Leak

Database Leak Featured

Database leaks are nothing new in this digital age. They’ve become the honey pot of hackers everywhere, with an unencrypted database being the jackpot allowing them to cause havoc.

Recently, we saw a different kind of database leak. This leak did contain usernames and passwords as normal, but instead of them being for online services, they were for IoT devices. This makes it one of the first breaches where people’s physical devices were under threat due to a database leak.

What Happened?

This is the case of Orvibo, a Chinese company in charge of handling smart device data for international consumers. They used a database called SmartMate to store all of this data, which was only protected with a layer of MD5 encryption and no salting.

Database Leak Lock

What makes this attack particularly terrifying is the amount of data the hackers got from this leak. The data within SmartMate included usernames, passwords, device reset codes, and precise locations of where each device is.

The last piece of information is especially worrying. With an idea of where the device is, a hack could go further than just simply gaining access to it. A hacker could use the information from this database to further hone in on a specific business, using the username and password they have to dive deeper into their systems.

What this Means for the Future

The most worrying aspect of this attack is what this means for the future of IoT. When database leaks happened in previous years, they were damaging but nothing too serious. Typically, it meant that users just had to reset their passwords on their accounts, and all was well.

Database Leak Hacker

With this new world of IoT with devices storing very personal information, these leaks have suddenly become a lot more serious. Now A database leak could give away your location, the digital keys to your smart surveillance system, and the timers you’ve set up for your home lights. With this kind of information, a hacker could step up a digital attack into a physical burglary.

What Can Be Done?

Unfortunately, this is not something that we, as the consumers, can directly fix. If a company is storing our personal information without the proper countermeasures against hacking, we won’t know until it’s too late.

Database Leak Shield

The best way to handle these breaches is to not entrust your personal information with these IoT devices; at the very least, share the information with trusted and respectable companies that won’t leak your data so easily.

At any rate, companies should definitely be more cautious of how they store IoT data in the future. As more of our lives and private data move to the cloud, it’s vital that this information is properly stored to prevent devastating privacy issues.

A New Generation of Leaks

Database leaks are nothing new, but the data stored within them is becoming more and more sensitive. With IoT devices logging our actions and locations, database leaks are becoming a huge threat to the privacy of users.

Does this attack make you feel more cautious about giving IoT companies your data? Let us know below.

One comment

  1. “What this Means for the Future”
    It means that IoT is NOT READY for prime time. The technology may be bleeding edge but the security sucks.

    “The best way to handle these breaches is to not entrust your personal information with these IoT devices”
    A naive statement/advice considering that most IoT devices have the data harvesting function baked in, it is done without the user’s permission or knowledge and is sent home to mama. Since data is fungible, everybody wants to have as much of it as they can harvest.

    The best way to protect IoT devices from breaches is the same as the best way to protect computers from hackers and that is not to connect to the Internet. We know that is not feasible. Considering that IoT devices are, at their core, processors, they must have the same protections as the processors in our PCs, i.e. firewalls, AV, anti-malware, etc.

Comments are closed.