2 min read

124 Million Rows of Customer Data Exposed Through Leaky Adorcam Database

Alina BÎZGĂ

February 16, 2021

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
124 Million Rows of Customer Data Exposed Through Leaky Adorcam Database

An unsecure database owned by webcam app Adorcam has exposed thousands of user accounts, according to security researcher Justin Paine.

Adorcam is a specialized app built for P2P IP webcams, allowing iPhone and Android users to control and watch livestream videos from their home by entering their camera ID and password.

The leaky database, discovered on an ElasticSearch server last month, included 124 million rows of customer data.

Exposed data

The researcher found various types of data, including user email address, client IP, user ld, web camera serial number, country location, SSID/ wireless network name and camera settings, such as the state of any embedded microphones.

Paine emphasized the sensitive nature of some user entries:

“Of particular interest – the leaked information included sensitive details regarding their MQTT (a common standard messaging protocol for the Internet of Things (IoT) server,” he said. “Leaked fields include: hostname, port, password, and username.”

Some data rows also include email addresses the user shared web camera access with, and links that seem to leak to images captured by the webcam.

“I was not able to successfully load one of these images, but it seems like it could have exposed sensitive private images captured by the web camera,” Paine added.

Associated risks

Even if the leaked information was not highly sensitive, malicious actors could still use the data in phishing campaigns.

In his report, Paine provided an example of a convincing email:

Hi $ACCOUNT_EMAIL_ADDRESS

This is Bob from Adorcam customer support. We noticed your $CAMERA_TYPE with $CAMERA_SERIAL_NUMBER seems to be malfunctioning on your wireless network named $WIRELESS_SSID_NAME.

Please login at $PHISHING_URL to resolve this issue.

Thanks, Adorcam customer support

Paine goes on to explain that a certain level of trust and credibility could be established using particularities of the leaked webcam information.

“The malicious actor would have plenty of details to establish trust and credibility with the victim of the phishing attack,” Paine said. “The attacker also had geographic information to launch a targeted attack in the user’s native language.”

Last but not least, exposed credentials, hostnames, and MQTT server details could allow cybercriminals to connect, download or modify user data remotely.

The researcher contacted Adorcam developers on January 14. The database was secured five days later.

Data breaches appear to be common events these days. Find out more about how you can regain control of your personal information with Bitdefender”s Digital Identity Protection.

tags


Author



Right now

Top posts

Threat actors impersonate Canadian gas retailer to deliver malicious OneNote phishing campaign, Bitdefender Labs warns

Threat actors impersonate Canadian gas retailer to deliver malicious OneNote phishing campaign, Bitdefender Labs warns

January 26, 2023

2 min read
Spammers phish eager vacationers with travel-themed lures, Bitdefender Antispam Lab warns

Spammers phish eager vacationers with travel-themed lures, Bitdefender Antispam Lab warns

January 19, 2023

4 min read
Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

November 29, 2022

2 min read
How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Parents’ Credit Card Info Stolen in Australian High School Hack Parents’ Credit Card Info Stolen in Australian High School Hack
Alina BÎZGĂ

January 31, 2023

1 min read
Data breaches affected over 422 million people in 2022, Identity Theft Resource Center says Data breaches affected over 422 million people in 2022, Identity Theft Resource Center says
Alina BÎZGĂ

January 30, 2023

2 min read
Dutch hacker arrested for allegedly selling data of 9.1 million Austrian citizens Dutch hacker arrested for allegedly selling data of 9.1 million Austrian citizens
Alina BÎZGĂ

January 27, 2023

2 min read