Cybernews reports that security camera maker Virtavo had information from more than 100,000 users of its Home V App for iOS, most of whom are in China, potentially exposed as a result of a misconfigured Elasticsearch server that was secured nearly two months after disclosure.
Over 8.7 million records, many of which are duplicates, were discovered within the server, including user phone numbers, network information, device identifiers, performance metrics, and other personal details, according to Cybernews researchers. "The device identifiers, such as MAC addresses, point to Virtavo as a vendor. This information could potentially help to exploit Virtavo cameras and identify their owners. The exposure of this data highlights significant lapses in data security practices," said researchers, who also noted Virtavo's excessive data gathering activities. Such a development should prompt organizations to not only ensure the security of their Elasticsearch instances but also conduct data encryption and access monitoring activities while adhering to the principles of data minimization.
