Hacktivists Noam Rotem and Ran Locar from vpnMentor, found that a user database belonging to a Chinese company called Orvibo that operates a smart home device management platform and also runs an Internet of Things (IoT) management platform, had been left exposed to the Internet without any password to protect it.
The database includes more than 2 billion logs containing everything from user passwords to account reset codes and even a “smart” camera recorded conversation.
A Kibana web-based app that makes navigating through the data contained in that database easier was also left with no password protection.
Orvibo is a Chinese company that operates a smart home device management platform. The Orvibo website boasts of a secure cloud providing a “reliable smart home cloud platform,” and goes on to mention how it “supports millions of IoT devices and guarantees the data safety.”