Plume, a renowned Smart WiFi services provider based in Palo Alto, California, has found itself at the center of attention after claims surfaced on a popular data leak forum. Attackers assert that they have successfully accessed and downloaded gigabytes of user data, including over 20GB of Plume’s WiFi database, which purportedly holds more than 15 million lines of information.
Upon discovery of the alleged breach, Plume promptly initiated an investigation into the matter. In response to inquiries, a representative from the company stated, “We are aware of the claim, and our teams are investigating,” maintaining a proactive stance in addressing the situation.
The attackers’ claims extend to the pilfering of a diverse dataset, encompassing mobile app users, customers, and even members of the company’s staff. The alleged compromised information includes email addresses, device details, carriers, first and last names, as well as specifications like iOS and Android versions.
Cybernews, a leading research team in cybersecurity, undertook an examination of the data sample provided by the attackers. Their findings revealed that the sample appears consistent with the statements made by the attackers regarding its contents. However, the absence of a complete dataset raises uncertainty about the origin of the data—whether it indeed belongs to Plume or if it was sourced from elsewhere.
Of note is the peculiar manner in which the attackers publicized their actions. Instead of clandestinely disseminating information, the perpetrators opted to create an account and announced the purported leak on social media platforms. This departure from conventional tactics, where attackers tend to use covert channels, adds a layer of intrigue to the situation.
Plume, operating as a Software-as-a-Service (SaaS) company, specializes in providing smart WiFi solutions, cloud management, and AI security services. Operating in more than 45 countries and claiming to cater to over 55 million homes and small businesses, Plume enjoyed a valuation exceeding $2 billion in 2021.