Attackers claim Plume data breach


Plume, a smart WiFi services provider, was posted on a popular data leak forum, with attackers claiming that they’ve downloaded gigabytes of user data. The company is investigating the claims.

The attackers allege that they’ve stolen over 20GB of Plume’s WiFi database, containing over 15 million lines of information.

The company said it is aware of the claims about the supposed data breach.

ADVERTISEMENT

"We are aware of the claim and our teams are investigating," Plume’s representative told Cybernews.

The dataset supposedly includes different protections, including mobile app users, customers, and the company’s staff members.

Plume post
Post on a data leak forum. Image by Cybernews.

The attackers claim that the supposed leak includes email addresses, devices, carriers, first and last names, iOS and Android versions, and other data.

The Cybernews research team has investigated the data sample the attackers provided and confirmed the data sample seems to match the attackers’ statements about its contents.

However, since the attackers only included a sample and not a full data set, it’s impossible to say whether the data actually belonged to Plume or was taken from somewhere else.

Interestingly, instead of covertly advertising the alleged leak, the attackers created an X account and announced their leak on social media. Typically, attackers would distribute information using more covert channels.

Based in Palo Alto, California, Plume operates as a Software-as-a-Service (SaaS) company, offering users smart WiFi, cloud management, and AI security services. The company operates in over 45 countries and claims to serve over 55 million homes and small businesses. Plume was valued at over $2 billion in 2021.

ADVERTISEMENT

The article was updated on November 13 [01:45 PM GMT] with a statement from Plume.