A security researcher has discovered an exposed database of webcam app Adorcam users containing nearly 124 million rows of data for the several thousand users.
It included live details such as its location, whether the microphone was active and name of the WiFi network that the camera is connected to, along with information about the webcam owner such as email addresses.
The webcam app left an exposed database packed with user data on the internet without a password, reports TechCrunch, via security researcher Justin Paine.
The app provides a P2P connection for IP web camera brands such as Zeeporte and Umino.
“The leaked data includes user email addresses, hashed passwords, wifi network name, and potentially images captured by the web cameras,” Paine wrote in a blog post.
The Google Play Store indicates that the Android version of Adorcam’s mobile app has more than 10,000 installs.
It’s unclear how popular the iOS version is.
The Zeeporte web camera available on Amazon has more than 2,300 reviews.
“The information leaked in this database could easily be used for a very convincing social engineering attack. Someone could approach any of the customers in this database,” Paine said.
The malicious actor would have plenty of details to establish trust and credibility with the victim of the phishing attack.
“The attacker will also have geographic information to launch a targeted attack in the user’s native language”, the security research noted.
The database was updating live by signing up with a new account and searching for his information in the database.
Adorcam was yet to react to the report.
Adorcam app is specially built for P2P IP camera series. The users only need to enter the camera ID and password to watch real-time video from any purchased IP camera on their mobile phone and no complicated IP or router settings are required.