A team of self-styled "hacktivist" security researchers, with an impressive track record of exposing breach after breach as part of a web-mapping project that searches for vulnerabilities within online databases, has disclosed one of the biggest to date.
The researchers in question, Noam Rotem and Ran Locar from vpnMentor, found that a user database belonging to a Chinese company called Orvibo, which runs an Internet of Things (IoT) management platform, had been left exposed to the Internet without any password to protect it.
So far, so appalling. But it gets even worse when you discover that the database includes more than 2 billion logs containing everything from user passwords to account reset codes and even a "smart" camera recorded conversation.