15 February 2021

Adorcam webcam app exposed thousands of user accounts online



An iOS and Android web camera application installed by thousands of users left its database of customer information exposed online.

The ElasticSearch database found by security researcher Justin Paine belonged to Adorcam, a web camera application, which provides a P2P connection for IP web camera brands such as Zeeporte and Umino.

According to Paine, the exposed database contained 124 million rows covering several thousand users, including their email addresses, hashed passwords, WiFi network names, web camera settings (including microphone state), country geolocation, web camera serial numbers, and potentially images captured by the web cameras.

The researcher also discovered that the leaked information included sensitive details about the MQTT server (MQTT is a common standard messaging protocol for the Internet of Things (IoT)), such as hostname, port, password, and username.

Paine verified that the database was updating live by signing up with a new account and searching for his information in the database. The researcher contacted Adorcam over the issue and the database was secured.

If this data were to fall into the wrong hands, it could be used for very convincing social engineering attacks, phishing campaigns, or targeted attacks against users in a specific region.
