Thursday, November 14, 2024
HomeSecurity News825,000 Subscribers and Partners Records Leaked from Russian-based Video Surveillance Firm -...

825,000 Subscribers and Partners Records Leaked from Russian-based Video Surveillance Firm – iVideon

Published on

Malware protection

More than 825,000 subscribers and partners personal Records exposed online due to a misconfiguration with MongoDB that belonging to Russian-based video surveillance firm iVideon.

iVideon is multi-platform that allows subscribers to aggregate, access, view over the Internet, and record locally or to iVideon’s secure cloud storage, nearly any Internet-capable CCTV camera, DVR system, baby monitor, webcam, nanny cam, or even phone, computer, and tablet cameras. It supports for almost every available platform MacOS, Windows, Linux, IOS, and Android.

Kromtech Security Center detected the unprotected MongoDB open to the public. According to researchers the leaked iVideon’s database contains logins, email addresses, password hashes, server names, domain names, IP addresses, sub-accounts, software settings, and payment settings information (we did not see any credit card data) for both individual subscribers and partners.

Following are the database and records left unprotected online

- Advertisement - SIEM as a Service
servers.info: 12533
ivideon.servers: 810871
ivideon.partners: 132
ivideon.users: 825388

Kromtech Security Center reported to iVideon about the exposed database and it was immediately taken down by the firm.

In response to Kromtech security, iVideon says “User info only included email, IP address and password hashes produced by a strong Bcrypt algorithm. No information related to payments, usage stats or means of getting access to user’s private data was present in the compromised DB.

Partner data seen in the DB was real, containing only partner companies’ names and UI settings for their apps.”

But it appears “did not look sanitized to us,” says Kromtech Security and they can see the password hashes, domain names, email addresses, server addresses, and other entries, all varied and appeared to be legitimate.

Also, it appears the database was compromised in some fashion and attackers and the attacker’s demand for .2 bitcoin ransom. The wallet they used appears received two payments.

Russian-based video surveillance

MongoDB provides a list of security checklist that you should implement to protect your MongoDB installation.

Recently Exposed MongoDB

California Voter Database Leaked – 19 Million Voters Records Under Risk
Hackers Stole More than 19 Million Records of California State Voter Database
31 Million Data Leaked Online Reveal that keyboard App Collects Everything from Contacts to Keystrokes

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

GitLab Patches Critical Flaws Leads to Unauthorized Access to Kubernetes Cluster

GitLab has rolled out critical security updates to address multiple vulnerabilities in its Community...

Windows 0-Day Exploited in Wild with Single Right Click

A newly discovered zero-day vulnerability, CVE-2024-43451, has been actively exploited in the wild, targeting Windows...

Automating Identity and Access Management for Modern Enterprises

Keeping track of who has access and managing their permissions has gotten a lot...

Finding The Right E-Commerce Platform – Comparing Reselling Solutions

If you’re looking to make some extra cash or to start a business, you...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Critical PDF.js & React-PDF Vulnerabilities Threaten Millions Of PDF Users

A new critical vulnerability has been discovered in PDF.js, which could allow a threat...

LayerX Security Raises $26M for its Browser Security Platform, Enabling Employees to Work Securely From Any Browser, Anywhere

LayerX, pioneer of the LayerX Browser Security platform, today announced $24 million in Series...

Email Header Analysis – Verify Received Email is Genuine or Spoofed

Email Header Analysis highly required process to prevent malicious threats since Email is...