Whirlpool Left Appliance Data, User Emails Exposed Online

from the internet-of-very-broken-things dept

Another day, another shining example of why connecting everything from your Barbie dolls to tea kettles to the internet was a bad idea. This week it's Whirlpool that's under fire after a researcher discovered that the company had failed to secure a database containing 28 million records collected from the company's "smart" appliances. The database contained user email addresses, model names and numbers, unique appliance identifiers, and data collected from routine analysis of the appliances' condition, including how often the appliance is used, when it's off or on, and whether it had any issues.

Needless to say, this is just the latest example of security researchers doing companies' jobs for them after they connected their products to the internet, then failed to adequately secure the data gleaned from them. For its part, Whirlpool told the researcher that they managed to secure the information within a few days of being alerted earlier this month:

"Our company was recently made aware of a potential security concern with respect to one of its databases. The database was immediately taken offline and secured. Our investigation showed that 48,000 emails were publicly available – but no confidential information was exposed. We are in the process of reaching out to impacted consumers. Our company appreciated this notification so the issue could be quickly addressed."

Granted, these kinds of issues occur at least once a week at this point, highlighting how companies were so excited to connect everything to the internet that they never stopped to ask if it was really necessary. A new study by hardware security company nCipher drives that point home, highlighting how the majority of IT professionals are terrified of the security nightmare we've created in the internet of broken things era:

"Sixty-eight percent of these professionals worried that hackers will simply alter the function of an IoT device. Fifty-four percent are concerned that IoT devices will come under the remote control of people with nefarious purposes or merely cruel senses of humor."

As security experts have long noted, there's no market solution to this problem because neither the hardware vendors nor the consumers actually care, given the privacy and security shortcomings (usually) only harm other people. The consumer doesn't care, often because they're never informed that this data is bouncing around the internet unsecured. The vendors don't care, because they're already on to marketing the next product and don't want to retroactively improve and secure their products. And government is, well, busy right now trying to chew gum and walk at the same time.

That's what makes efforts to educate consumers by including privacy features and security practices as part of product reviews so important. It's at least a fleeting attempt to generate some form of organic punishment for companies who treat security and privacy as a distant afterthought.


Filed Under: breach, data, iot, leak, security, smart appliances
Companies: whirlpool


Reader Comments



  1. Anonymous Coward, 25 Oct 2019 @ 5:40pm

    data collected from routine analysis of the appliances' condition, including how often the appliance is used, when it's off or on, and whether it had any issues.

    That seems like the type of thing that could help the company build better products. Except popular opinion is that the opposite is happening, that they could already make a good product in the 1970s and stopped doing it around the 1990s. So they're probably just trying to increase their profit margins.


  2. This comment has been flagged by the community.
    Anonymous Coward, 25 Oct 2019 @ 10:57pm

    Well, I would like to add just one thing to this discussion. Good for Techdirt! You know why?

    For the longest time, Techdirt silenced my voice. I had to travel from place to place, connecting to strange wireless networks, riding trains to far-away lands, just to find an IP address that Techdirt would not block.

    And now, it's OVER! Techdirt stopped blocking me! Good for you! I think if you follow that up with not censoring comments, you could be moving towards a new found legitimacy and openness that is worthy of RESPECT!

    That would be a first! Good for you! NO MORE MODERATION! NO MORE CENSORING! NO MORE IP BLOCKING!

    Did I mention that Tucker Carlson is going to run for President? I'm not kidding - he went to North Korea with Trump, did you catch that? Trump likes him. And Tucker can out-debate anyone, especially morally repugnant assholes that often frequent this site. AND, Tucker believes in Free Speech.

    Who here would vote for Tucker after 2 terms of Trump? STAND UP AND BE COUNTED!


  3. Anonymous Coward, 25 Oct 2019 @ 11:52pm

    Re:

    lol


  4. Anonymous Coward, 26 Oct 2019 @ 3:16am

    Re:

    That seems like the type of thing that could help the company build better products.

    More like marketing has convinced the company that data is valuable if they can sell it or mine it to increase sales.


  5. Anonymous Coward, 26 Oct 2019 @ 5:26am

    Really?

    but no confidential information was exposed.

    Just a treasure trove of information for scammers and fishers to use.


  6. nerdrage, 26 Oct 2019 @ 12:21pm

    IoT is a disaster waiting to happen.

    In the meantime, I am prohibiting internet access to my refrigerator, microwave, coffee pot or other items with no need to connect to anything but a damn power source.


  7. Anonymous Coward, 27 Oct 2019 @ 1:42am

    Re:

    Hey hamilton. How does it feel to be outsparten by a spam filter bro?


  8. Anonymous Coward, 27 Oct 2019 @ 2:34am

    Should went with Maytag because if Whirlpool don't sound like some shit is really going down, I don't know what it sounds like!


  9. Anonymous Coward, 29 Oct 2019 @ 12:53am

    Re:

    Translation: "I finally moved on from the bargaining phase of Shiva's loss and learned how to use the TOR browser"...


