Massive Smoke Alarm Privacy Breach In Australia.
Cybersecurity researcher Jeremiah Fowler has discovered and reported to vpnMentor a non-password-protected database containing more than 700,000 documents belonging to Australia’s largest smoke alarm installation and service provider, Smoke Alarm Solutions.
The exposed database contained 762,856 documents and totalled 107 GB. Further research indicated that the data belonged to Smoke Alarm Solutions, an Australian company specializing in the installation and maintenance of smoke detectors.
The publicly exposed files contained customer information, including detailed invoices, records of inspections, estimates, compliance reports, electrical safety inspections, service quotes, and service reports.
The publicly accessible documents provided a comprehensive view of the company’s transactions and customer interactions. The database contained 355,384 documents marked as invoices, dated 2021-2024. This number gives a rough estimate of how many individuals could potentially be affected by the exposure.
Additionally, there were 24,632 documents marked as ‘on site quotes’ that contained the names and email addresses of the business, agent, or individual obtaining a quote.
“In a limited sample and manual review of the exposed database, I didn’t see any duplicate documents or information — the documents appeared to be unique,” Fowler said.
“I immediately sent a responsible disclosure notice to Smoke Alarm Solutions and the database remained open to public access. I received a reply from a technology consultant representing the company that read:
“We are aware of this data store. Its state is the unfortunate side effect of some work by a previous system integrator. We are actively migrating to a new customer management platform. We will block all access (or more likely, decommission) this data store as soon as we have migrated the data to our new platform.”
However, according to Fowler, the records were still accessible nearly 2 months after his first responsible disclosure notice.
“I sent numerous follow-up emails including official support links to information on how to restrict public access to the database and finally the database was secured,” Fowler said. “It is unclear how long the documents were exposed or who else may have gained access to them. Only an internal forensic audit conducted by Smoke Alarm Solutions could identify this information.”
In Australia, all properties are legally required to have smoke alarms installed on every level of a home. This includes owner-occupied homes, rental properties, relocatable homes, caravans, camper-vans, or any other residential buildings. The market size of the Fire and Security Alarm Installation Services industry in Australia was estimated to be $4.0bn in 2023.
“Companies offer subscription services to help private individuals, landlords, and real estate companies stay compliant with the law,” Fowler said.
“A unique dynamic arises anytime customers are using a service or a product that is legally required, as it typically involves a regulated market. As such, it’s important that these companies provide a high-quality service, which includes safeguarding their consumers’ data to the best of their ability.”