Have you ever been the victim of identity theft? If you have had your identity stolen, you know how hard it can be to clean up the mess it leaves behind.
The problem is, it can be a difficult crime to avoid. There are many ways you can end up a victim of identity theft, but one of the most common is via hacks or data leaks that expose your personal information. If these criminals get their hands on your information, you could end up a victim of the worst identity theft scam you’ve never heard of.
A data leak by a popular webcam app just put thousands of users at risk of these types of issues. This app exposed tons of sensitive user data, including email addresses and location information via an open database on the internet. Here’s what happened and what you can do to protect yourself.
Here’s the backstory
Are you using the Adorcam app? It lets you view and control several different webcam models, including Zeeporte and Umino cameras. If so, you should know that the Elasticsearch database belonging to Adorcam was recently exposed online for anyone to access.
Security researcher Justin Paine initially discovered the data exposure. According to Paine’s blog post, there was a ton of sensitive user data in the database.
When the database was first discovered, Paine verified that it was updated in real-time by signing up for Adorcam with a new account. Paine then searched for and found his information in the database, confirming that the database was exposed and updated with user account information in real-time.
Paine also noted that the database contained about 124 million rows of data connected to several thousand users. This information included live details about user webcams, including location, whether the mic was active and even the name of the Wi-Fi network that the camera was using to connect.
Even more troubling? The database included personal information about webcam owners, such as email addresses. There was also evidence of still shots uploaded by the webcams to the app cloud, but Paine could not verify the information due to expired links.
Paine also found hardcoded credentials for the app’s MQTT server in the database but opted not to test the credentials due to legality issues. He did, however, alert Adorcam to the problem and asked them to secure the database.
How does this affect Adorcam users?
The good news is that while the database contained some personal and account information, the information was relatively limited in terms of sensitivity. It does not appear from Paine’s report that there was credit card or payment information in the database or extensive personal information.
That said, there are risks involved with leaving user information exposed like this. Cybercriminals could use this information to phish for victims or extort money from users whose data was exposed.
What can Adorcam users do to secure their accounts?
If you are an Adorcam user, it may be time to tighten up your account’s security. It’s impossible to tell what, if any, of your personal information was exposed by this open database, so it’s best to take precautions just in case.
Aside from using unique passwords across multiple accounts, there are a few additional steps you can take to keep accounts secure and passwords out of the wrong hands.
- Change your passwords: If you have an account with Adorcam, you should change any passwords associated with that email address. There’s no indication that this database got into the wrong hands before it was secured, but you can never be too careful.
- Use unique passwords: If you’re reusing passwords across accounts, it’s time to stop. Take the time to come up with unique passwords so that if and when data is leaked, you won’t run the risk of having your other accounts compromised.
- Two-factor authentication: Use 2FA whenever it’s available. This second form of verification adds an extra layer of security to your accounts and makes it much harder for others to access your accounts without permission.
- Do a privacy checkup: If you’re using the same account passwords across several accounts, you should spend some time doing a privacy checkup. Use a service like HaveIBeenPwned to see if that email address was involved in any major data breaches.
Tips for buying secure webcams
When shopping for a webcam, make sure you look for reputable brands with a history of strong security. You should also opt for brands offering two-factor authentication to keep out unwanted eyes. If you don’t, you could end up hackers watching your house and what you’re doing via the internet.
If you’re looking for a camera to help protect your home, our sponsor, SimpliSafe, is one of the best and most secure options around. It’s the only home security system Kim recommends. Go to SimpliSafeKim.com right now and receive a 60-day, money-back guarantee, free shipping and free returns.