Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

This top security camera streaming app may have been putting thousands of users at risk

CyberNews
Data leak.
  • Virtavo, a company selling web cameras and other security solutions, was found exposing user data
  • Researchers at Cybernews found a large database full of PII unprotected
  • The archive has since been closed down

Home security solutions provider Virtavo has been accused of harvesting and exposing sensitive data on (possibly) hundreds of thousands of users.

Cybersecurity researchers from Cybernewsfound an exposed data server with 3GB of personal information and telemetry from iPhones. in the summer of 2023

All the information had one thing in common - it was generated from an app called Home V, which manages Virtavo security cameras. These cameras allow video streaming, playback, two-way communication, motion alerts, and more.

Hundreds of thousands of users

The database included people’s phone numbers, device identifiers, IP addresses, firmware versions, and other device, network, and user information. The researchers said the data could be used to identify camera owners, which is particularly concerning. Furthermore, the data was updated in real-time, which is the Holy Grail of data for all cybercriminals.

In total, the server held more than 8.7 million records. Not all of them were unique, and some identifiers appeared up to 50 times. This led the researchers to speculate that at least 100,000 users are affected by the leak.

Most are located in China, but there are plenty of users from other parts of the globe, as well.

“The detailed device identifiers, IP addresses, user phone numbers, and other personal information can be exploited by malicious actors for various purposes, including targeted attacks, unauthorized access, identity theft, and surveillance,” the researchers said. “Updates in real-time exacerbate the issue, as it allows for continuous collection of fresh data.”

The researchers reported their findings to both the company and the Chinese Computer Emergency Response Team (CERT), and the server was subsequently shut down. However, it remains unclear if any malicious actors found it before.

Via Cybernews

You might also like

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
FDA restricts psychoactive mushroom used in some edibles
The regulator warned food manufacturers that Amanita muscaria –  more commonly known as the fly agaric – and the compounds it contains are not authorized to use
The Independent UK
The Independent UK
“I go to church every Sunday when I’m home. Especially now I’ve replaced the booze with glue”: From GN’R and Pantera to Ozzy Osbourne and God, Zakk Wylde is the most connected man in rock
It’s Zakk Wylde’s world - we just live in it
Metal Hammer
Metal Hammer
My husband and I tried the Scandi Sleep Method and love it — 3 reasons you will too
We avoided a sleep divorce thanks to the Scandinavian Sleep Method, but will it work for you too? Three telltale signs that it will...
Tom’s Guide
Tom’s Guide
45 Years Ago, A Disney Misstep Was A Secret Sci-Fi Masterpiece
The haters were wrong. On its 45th birthday, 'The Black Hole' is just as wonderfully manic as ever. Here's why this flop is actually worth your time.
Inverse
Inverse
Black long COVID patients ignored
New research found that those living with long COVID in the U.S. had significantly more anxiety and depression
Salon
Salon
Jared Leto’s latest ‘iconic’ role leaves fans divided
‘Skeletor was going to make or break this movie,’ said one fan
The Independent UK
The Independent UK
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.
Download on the AppStore Get it on Google Play