Russian video surveillance company iVideon data breach: over 820,000 records leaked
Researchers at the Kromtech Security Center recently discovered that a MongoDB database belonging to iVideon, a Russian video surveillance company, was left unprotected and open to the public. Judging from its contents, the database appears to cover the entire user base of iVideon Inc., including the login names, email addresses, password hashes, server names, domain names, IP addresses, subaccounts, and software settings of its users and partners, as well as payment setup information (which does not include any credit card data).
According to the Google Play Store product description, iVideon is a free multi-platform monitoring service that can run on almost any available platform, such as macOS, Windows, Linux, iOS, and Android. It can be used for video surveillance, remote video surveillance, and video recording for security cameras, DVRs, and NVRs, and is now built into the firmware of many major-brand camera products such as iLuv, Oco, Philips, Axis, Dahua, Haikang, Granville, Milesight, etc.
The specific items and quantities contained in the database are as follows. Clearly, more than 820,000 (825,388) users and 132 partners are affected:
- servers.info: 12533
- ivideon.servers: 810871
- ivideon.partners: 132
- ivideon.users: 825388
iVideon acted promptly after being notified that the database was exposed online, and responded after conducting its own investigation. The company said that the server was used for load testing of the auth API in February 2016, but that the testing strategy has been revised since 2017, so this type of security issue will not recur.
According to the investigation, the Kromtech Security Center was not the only party to find the database: it also seems to have been discovered by some Internet hackers, who used it to extort iVideon. The hacker asked iVideon to pay 2 Bitcoin as a ransom, but iVideon ultimately chose not to give in, because the company was confident in the security of its data generated using the bcrypt algorithm and had confirmed that the data the hackers could have removed was limited to a small percentage.