Regarding the response to the server vulnerability pointed out by VpnMentor

This post describes ORVIBO's response to the server vulnerability pointed out by VpnMentor on July 1, and the misreporting in the media.

On July 1st, 2019, the cyber security company VpnMentor released a test report to notify ORVIBO of a security risk in ElasticSearch, the third-party log system used on ORVIBO’s AWS servers located in North America. ORVIBO’s technical and security teams immediately took action to fix this vulnerability and confirmed within the same day that there was no loss to actual end users. After that, VpnMentor updated the related report on its blog to confirm that ORVIBO had fixed the vulnerability. VpnMentor also informed the overseas media concerned, and those media updated their news reports to say that ORVIBO has secured the potential risk. Remarks: Screenshot for reference.

Regarding some media’s misreport of a “2 Billion Users Data Leak”, our clear statement is as follows:

  1. VpnMentor’s research report said that there was a security vulnerability in the third-party log system tool named ElasticSearch used on ORVIBO’s AWS server located in North America. The risk period was only a few days, and it was only one kind of potential security risk; in fact it did not cause any loss or impact to actual end users.

  2. VpnMentor reported that the security risk covered 2 billion data records, which means 2 billion testing and simulation log records, not actual users’ data. ORVIBO has 3 million actual end users worldwide, not 2 billion users. The report of a data leak affecting 2 billion end users is an obvious misreport. To be definite, there was no loss or negative impact on actual end users.

  3. VpnMentor is a professional cyber security organization. Thanks to their timely notice, and as confirmed and evaluated by ORVIBO’s cyber security team, no other third parties visited or downloaded the log records. After we fixed the vulnerability, the security risk was completely and promptly removed. ORVIBO immediately upgraded the password encryption mechanism and the protection system for user accounts and password resetting.

  4. The third-party log system tool ElasticSearch with the vulnerability risk was used on only one ORVIBO AWS server in North America. It affected only some regions, so it will not affect IoT end users in countries or regions other than the North America area.

  5. ORVIBO has cooperated closely with professional cyber security companies and invested a lot of resources in cyber security in order to strengthen the safety and reliability of ORVIBO’s global IoT servers. We have also set up a dedicated email address, security@orvibo.com, for any cyber security information or communication. ORVIBO hopes to draw on global cyber security strength to improve information security in the IoT industry.

  6. ORVIBO reserves the right to take legal action against media that post false reports.