New Mass Shooting Prevention Bill Will Use 'Anti-Terrorism' Methods To Ramp Up Surveillance Of Students
New York Police Union: Lying And Violating Rights Is Just Part Of Everyday Police Work

Whirlpool Left Appliance Data, User Emails Exposed Online

Failures

from the internet-of-very-broken-things dept

Fri, Oct 25th 2019 1:37pmKarl Bode

Another day, another shining example of why connecting everything from your Barbie dolls to tea kettles to the internet was a bad idea. This week it's Whirlpool that's under fire after a researcher discovered that the company had failed to secure a database containing 28 million records collected from the company's "smart" appliances. The database contained user email addresses, model names and numbers, unique appliance identifiers, and data collected from routine analysis of the appliances' condition, including how often the appliance is used, when its off or on, and whether it had any issues.

Needless to say this is just the latest example of security researchers doing companies' jobs for them after they connected their products to the internet, then failed to adequately secure the data gleaned from them. For its part, Whirlpool told the researcher that they managed to secure the information within a few days of being alerted earlier this month:

"Our company was recently made aware of a potential security concern with respect to one of its databases. The database was immediately taken offline and secured. Our investigation showed that 48,000 emails were publicly available – but no confidential information was exposed. We are in the process of reaching out to impacted consumers. Our company appreciated this notification so the issue could be quickly addressed."

Granted these kinds of issues occur at least once a week at this point, highlighting how companies were so excited to connect everything to the internet, they never stopped to ask if it was really necessary. A new study by hardware security company nCipher drives that point home, highlighting how the majority of IT professionals are terrified of the security nightmare we've created in the internet of broken things era:

"Sixty-eight percent of these professionals worried that hackers will simply alter the function of an IoT device. Fifty-four percent are concerned that IoT devices will come under the remote control of people with nefarious purposes or merely cruel senses of humor."

As security experts have long noted, there's no market solution to this problem because neither the hardware vendors nor the consumers actually care, given the privacy and security shortcomings (usually) only harm other people. The consumer doesn't care, often because they're never informed that this data is bouncing around the internet unsecured. The vendors don't care, because they're already on to marketing the next product and don't want to retroactively improve and secure their products. And government is, well, busy right now trying to chew gum and walk at the same time.

That's what makes efforts to educate consumers by including privacy features and security practices as part of product reviews so important. It's at least a fleeting attempt to generate some form of organic punishment for companies who treat security and privacy as a distant afterthought.

Filed Under: breach, data, iot, leak, security, smart appliances
Companies: whirlpool

Leave a Comment

If you liked this post, you may also be interested in...

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

New Mass Shooting Prevention Bill Will Use 'Anti-Terrorism' Methods To Ramp Up Surveillance Of Students
New York Police Union: Lying And Violating Rights Is Just Part Of Everyday Police Work
Follow Techdirt
Special Affiliate Offer

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories

Friday

15:44 New York Police Union: Lying And Violating Rights Is Just Part Of Everyday Police Work (4)
13:37 Whirlpool Left Appliance Data, User Emails Exposed Online (0)
11:59 New Mass Shooting Prevention Bill Will Use 'Anti-Terrorism' Methods To Ramp Up Surveillance Of Students (6)
10:45 Indian Court Orders Global Takedown Of 'Defamatory' Video From YouTube, Twitter, Facebook (16)
10:40 Daily Deal: The Ultimate Adobe CC Training Bundle (0)
09:18 Google And Facebook Didn't Kill Newspapers: The Internet Did (13)
06:20 Like The Rest Of Its 5G Footprint, Verizon 5G Sports Venue Availability Is Being Overhyped (8)
03:17 Skynet, But For Welfare: Automating Social Services Is Killing People (38)

Thursday

19:58 TV Network Declares IPTV Tool Copyright Infringing, Even Though It's Just A Tool (36)
15:52 Aussie Censorship In Action: National Enquirer Editor Threats Get Bookstores To Block Sale Of Ronan Farrow Book (34)
More arrow
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.