passwords Archives - DevOps Online North America
https://devopsnews.online/tag/passwords/
by 31 Media Ltd.

Orvibo expose billions of data to hackers in huge breach
https://devopsnews.online/orvibo-expose-billions-of-data-to-hackers-in-huge-breach/
Fri, 05 Jul 2019 15:46:17 +0000

The smart home technology company, Orvibo, has been found to have exposed over 2 billion records in a massive data breach, reports have claimed.

Orvibo is a management platform for the Internet of things (IoT) and is based in Shenzhen, China. Clientele of the company includes anything from big users of smart home technology, such as hotels, energy companies, and security, to personal users of AI smart home tech. They claim to have hundreds of different automation and smart home products.

Lack of protection

Researchers found that the Chinese firm's database was accessible without any password protection, leaving files at risk of exposure to hackers, viruses and security problems, amongst other potential issues.

Forbes reported that the firm is home to over 2 billion logs that include information ranging from user passwords to account reset codes. Other exposed data includes precise geolocation and scheduling information.

Personal information such as names, email addresses and home addresses was also left unprotected.

vpnMentor, who discovered the issue, highlighted reset codes as a particular worry, saying in a report, “These would be sent to a user to reset either their password or their email address,” and adding that, “with that information readily accessible, a hacker could lock a user out of their account without needing their password. Changing both a password and an email address could make the action irreversible.”

Exposing data

The IoT company has logs all over the world, according to vpnMentor, including Europe, the Americas, and Australia.

It was only on 2nd July that Orvibo responded to the breach, which they had been alerted to over 2 weeks before. (Ed: ORVIBO have now stated publicly that they had already secured the vulnerability by July 2nd).

The researchers also commented on the worrying amount of data that had been exposed. In the blog post, they said, “There was enough information to put together several threads and create a full picture of a user’s identity.”

Hashing passwords

Orvibo has also been using the MD5 hash function to protect passwords, which leaves passwords both insecure and easy to crack.

Adding to this, the company also failed to salt passwords. Salting is a cryptographic technique used to safeguard passwords and make them more secure.

vpnMentor added: “Even with strong passwords, however, Orvibo’s database included a dangerous piece of information.”

“When examining their records, we found account reset codes in the data logs. These would be sent to a user to reset either their password or their email address. With that information readily accessible, a hacker could lock a user out of their account without needing their password.”

The post Orvibo expose billions of data to hackers in huge breach appeared first on DevOps Online North America.

Spamming operation hijacks 711.5 million email addresses
https://devopsnews.online/spamming-operation-hijacks-711-5-million-email-addresses/
Wed, 30 Aug 2017 14:25:18 +0000

A malware researcher has discovered a spamming operation that gathered a list of 711.5 million email addresses, used to spread banking malware.

A Paris-based security expert called Benkow, who brought this to the attention of the CZnet news site, discovered the Spambot.

According to Benkow, the Spambot hides tiny pixel-sized images in the emails it sends, collecting information about the computers targeted, and affecting different types of devices with malware attachments that consumers may perceive as business invoices.

He acknowledged that it was “difficult to know where the credentials had come from”, but suggested that it might be from a phishing campaign on Facebook.

The hackers gathered details of the accounts’ Simple Mail Transfer Protocol (SMTP) port and server settings, with the information collected used to fool email providers’ spam-detecting systems into letting blocked messages through, according to the BBC.

‘Be more vigilant with received emails’

Richard Cox, former chief information officer of the Spamhaus project, told the BBC: “While the list of email addresses is quite large, it is probably no larger than any seen previously.

“The lists of compromised accounts are more worrying.

“When compromised accounts are used for spam, they can only be stopped by their providers suspending the account – but when that many are involved, it will severely overload the security/abuse departments of those providers, making it a slow process and that is what keeps the spam flowing.”

Affected users are able to check if their email addresses have been targeted, but not if their accounts have been hijacked.

Benkow also noted users should change their passwords and be more vigilant with received emails.

Written by Leah Alger

The post Spamming operation hijacks 711.5 million email addresses appeared first on DevOps Online North America.
