This top security camera streaming app may have been putting thousands of users at risk

News
By published

Virtavo was collecting data in real time and keeping it in an unsecure location

Data leak
(Image credit: Shutterstock)
  • Virtavo, a company selling web cameras and other security solutions, was found exposing user data
  • Researchers at Cybernews found a large database full of PII unprotected
  • The archive has since been closed down

Home security solutions provider Virtavo has been accused of harvesting and exposing sensitive data on (possibly) hundreds of thousands of users.

Cybersecurity researchers from Cybernewsfound an exposed data server with 3GB of personal information and telemetry from iPhones. in the summer of 2023

All the information had one thing in common - it was generated from an app called Home V, which manages Virtavo security cameras. These cameras allow video streaming, playback, two-way communication, motion alerts, and more.

Hundreds of thousands of users

The database included people’s phone numbers, device identifiers, IP addresses, firmware versions, and other device, network, and user information. The researchers said the data could be used to identify camera owners, which is particularly concerning. Furthermore, the data was updated in real-time, which is the Holy Grail of data for all cybercriminals.

In total, the server held more than 8.7 million records. Not all of them were unique, and some identifiers appeared up to 50 times. This led the researchers to speculate that at least 100,000 users are affected by the leak.

Most are located in China, but there are plenty of users from other parts of the globe, as well.

“The detailed device identifiers, IP addresses, user phone numbers, and other personal information can be exploited by malicious actors for various purposes, including targeted attacks, unauthorized access, identity theft, and surveillance,” the researchers said. “Updates in real-time exacerbate the issue, as it allows for continuous collection of fresh data.”

The researchers reported their findings to both the company and the Chinese Computer Emergency Response Team (CERT), and the server was subsequently shut down. However, it remains unclear if any malicious actors found it before.

Via Cybernews

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Cartoon Phishing
One of the largest data leaks ever sees info on 1.5 billion people leaked online
No broadband network
Massive online data breach sees 2.7 billion records leaked - here's what we know
A digital themed isometric showing a neon padlock in the foreground, and a technological diagram of a processor logic board in the background.
A top online gift card store may have exposed private data on hundreds of thousands of users
Security padlock and circuit board to protect data
A major US TV broadcaster leaked over a million sensitive files online
A graphic showing fleet tracking locations over a city.
Disability monitoring tool leaked personal information online
Suitcase next to a bed in a hotel
Millions of hotel users see personal info checked out in huge data leak
Latest in Security
cybersecurity
Chinese government hackers allegedly spent years undetected in foreign phone networks
Data leak
A major Keenetic router data leak could put a million households at risk
Code Skull
Interpol operation arrests 300 suspects linked to African cybercrime rings
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Multiple routers hit by new critical severity remote command injection vulnerability, with no fix in sight
Code Skull
This dangerous new ransomware is hitting Windows, ARM, ESXi systems
An abstract image of a lock against a digital background, denoting cybersecurity.
Critical security flaw in Next.js could spell big trouble for JavaScript users
Latest in News
Open AI
OpenAI live stream - could we see a major ChatGPT upgrade?
Apple WWDC 2025 announced
Apple just announced WWDC 2025 starts on June 9, and we'll all be watching the opening event
Hornet swings their weapon in mid air
Hollow Knight: Silksong gets new Steam metadata changes, convincing everyone and their mother that the game is finally releasing this year
OpenAI logo
OpenAI just launched a free ChatGPT bible that will help you master the AI chatbot and Sora
NetSuite EVP Evan Goldberg at SuiteConnect London 2025
"It's our job to deliver constant innovation” - NetSuite head on why it wants to be the operating system for your whole business
Monster Hunter Wilds
Monster Hunter Wilds Title Update 1 launches in early April, adding new monsters and some of the best-looking armor sets I need to add to my collection
More about security
cybersecurity

Chinese government hackers allegedly spent years undetected in foreign phone networks
Data leak

A major Keenetic router data leak could put a million households at risk
Open AI

OpenAI live stream - could we see a major ChatGPT upgrade?
See more latest
Most Popular
Open AI
OpenAI live stream - could we see a major ChatGPT upgrade?
NetSuite EVP Evan Goldberg at SuiteConnect London 2025
"It's our job to deliver constant innovation” - NetSuite head on why it wants to be the operating system for your whole business
Apple WWDC 2025 announced
Apple just announced WWDC 2025 starts on June 9, and we'll all be watching the opening event
Hornet swings their weapon in mid air
Hollow Knight: Silksong gets new Steam metadata changes, convincing everyone and their mother that the game is finally releasing this year
OpenAI logo
OpenAI just launched a free ChatGPT bible that will help you master the AI chatbot and Sora
Monster Hunter Wilds
Monster Hunter Wilds Title Update 1 launches in early April, adding new monsters and some of the best-looking armor sets I need to add to my collection
cybersecurity
Chinese government hackers allegedly spent years undetected in foreign phone networks
Sony WF-C710N in blue glass on beige background
Sony WF-C710 earbuds land, and I think they'll be the 2025 budget buds to beat
The RIG M2 Streamstar attached to a boom arm.
The RIG M2 Streamstar has the world's first Bluetooth audio gateway in a wired gaming microphone
Four operators survey Verdansk. One holds a sniper rifle, one binoculars, another holds is landing with their parachute, while the last wears a skull mask
New Call of Duty: Warzone trailer shows a beautiful rebuilt Verdansk, but some fans want more: 'it won't be the same unfortunately'