- Virtavo, a company that sells webcams and other security solutions, was found to be exposing user data.
- Cybernews Researchers Found Large Database Full of Unprotected PII
- The file has since been closed.
Home security solutions provider Virtavo has been accused of collecting and exposing sensitive data from (possibly) hundreds of thousands of users.
Cybersecurity researchers cyber newsfound an exposed data server with 3GB of personal information and telemetry from iPhones. in summer 2023
All the information had one thing in common: it was generated from an application called Home V, which manages Virtavo security cameras. These cameras allow video streaming, playback, two-way communication, motion alerts, and more.
Hundreds of thousands of users
The database included people’s phone numbers, device identifiers, IP addresses, firmware versions, and other device, network, and user information. Researchers said the data could be used to identify camera owners, which is particularly concerning. Furthermore, the data was updated in real time, which is the Holy Grail of data for all cybercriminals.
In total, the server contained more than 8.7 million records. Not all of them were unique and some identifiers appeared up to 50 times. This led researchers to speculate that at least 100,000 users are affected by the leak.
Most are located in China, but there are also many users from other parts of the world.
“Detailed device identifiers, IP addresses, user phone numbers, and other personal information can be exploited by malicious actors for a variety of purposes, including targeted attacks, unauthorized access, identity theft, and surveillance,” the researchers said. researchers. “Real-time updates exacerbate the problem by allowing the continuous collection of new data.”
The researchers reported their findings to both the company and the Chinese Computer Emergency Response Team (CERT), and the server was subsequently shut down. However, it is not clear if any malicious actors found it before.
Through cyber news
