Orvibo is a Chinese manufacturer of smart home solutions
These are devices that allow owners to manage connected smart appliances in their home, remotely control lighting, security, HVAC and home entertainment devices, as well as monitor energy usage.
Data from those operations are hosted on the company's Smart Home cloud platform.
Orvibo sells its products all over the world, and they have a footprint in the US market. So if you use their products, be advised that the company has been informed of an exposed, unprotected Elasticsearch cluster containing more than two billion customer records. Worse, at the time this piece was written, the company had not taken steps to protect the exposed database, which is still growing as new data is added to it.
Among the customer data exposed were things like:
- Email Addresses
- IP Addresses
- Username and User ID
- Family name and Family ID
- Device name and Device that accessed the account
- Passwords
- Account reset codes
- Precise user geolocation
- Recorded conversations captured via Smart Camera
- Scheduling information
In other words, this is as complete and comprehensive as it gets. Basically, every bit of information Orvibo has on you and your family is open on the web where anyone can see it. In addition, if a hacker were to gain access to your account, he could change the email address and password. If that happened, you'd' literally never be able to regain control of your own account. That would give the hackers unfettered access to everything you had connected to the service, including video camera feeds until you disconnected yourself from it.
Our perspective
If you use Orvibo equipment, you should change your password immediately and hope that when you do, the change isn't updated in the still-open database. If you can afford to, change your password and then simply disconnect from the service until the company resolves the issue.
Meanwhile, check out this report
This free executive report may give you insights into how to build your business with safe IT environments: 10 Hidden IT Risks That Might Threaten Your Business and 1 Easy Way to Find Them
The author
Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPia Blogs. I am also available on LinkedIn, Facebook, and Twitter.
I am Denis Wilson, President and Principal Consultant for DWP Information Architects. I help professionals grow their business by building a foundation of rock-solid information solutions for smaller healthcare, insurance, financial, legal, and nonprofits firms in Ventura County and San Fernando Valley. And have created cost-effective IT solutions, for over 20 years, specializing in cybersecurity and regulatory compliance. I am also a published author and speaker, working extensively with a variety of organizations, as well as providing small business technology education programs through business and professional associations. This just in: I will be speaking regularly at California Lutheran University's Center for Nonprofit Leadership starting in September.
Contact me if you would like me to speak at your association.
