According to Tech Crunch, Theta360 camera owners had their private photos exposed after a cloud databased was left open without a password.
Ricoh is a Japenese tech giant that sells a number of electronic products one of them being the Theta360 camera, which debuted in 2014. Since its debut, millions of 360-degree cameras have been sold. Users of the device can upload and share their photos and videos to the cloud using the camera. However, two security researchers, Noam Rotem and Ran Locar, found the cloud database exposed and reached out to TechCrunch.
According to the researchers, “anyone with access to the database could have easily accessed any of the 11 million photos stored online.”
The researchers reported the exposure to Ricoh, and it secured the database within a day. A spokesperson from the company, John Greco, also confirmed the exposure saying:
“Ricoh was recently notified of this configuration issue and corrected it within hours. We take the security of customer information extremely seriously. It’s important to note that before the resolution, further steps beyond accessing the records would have been necessary and would require a deeper level of expertise to ultimately view the images. Today, private photos are only accessible to those with a direct link, a design feature that is intended to allow customers to share their images.”
Although Ricoh did not say how long the database was exposed, “the build date of the database suggests it was created on April 1. But Shodan, a database for exposed devices and databases, first spotted the database on May 9.”