Plume, a leading smart Wi-Fi service provider, has reportedly fallen victim to a data breach, as disclosed by hackers on the Breach Forums. The Palo Alto-based company, known for its AI security, smart Wi-Fi, and cloud management services across 45 countries and 55 million homes, is currently under investigation following the hackers’ claim of stealing over 20GB of the company’s Wi-Fi database.
Furthermore, the breach was further detailed by the hackers on their Twitter profile, @MonkeyInject, an unusual move as hackers typically operate covertly. The disclosure included two CSV files containing purported data of Plume’s customers and employees, emphasizing the urgency for affected individuals to change passwords across platforms using the same username.
Dissatisfied with Plume’s response, the hackers criticized the company for a lackluster approach to security, attributing the breach to a former employee who retained access rights even after leaving in 2023. The hackers, demanding compliance from Plume within 48 hours, threatened the release of additional sensitive information if their demands were not met.
Security experts stress the potential risks associated with the exposed data, urging affected individuals to change passwords promptly. The incident sheds light on the critical flaws in access management and the pressing need for organizations like Plume to enhance their security protocols to prevent similar breaches in the future.