Hackers claim responsibility for breaching Plume - Smart WiFi Provider
Take action: If you are using any Plume service or product, change all passwords used for Plume services immediately. Also change the password on all other systems where you are using the same password.
Learn More
A cyberattack on Plume, a smart Wi-Fi service provider, has been disclosed by a hacker group known by the Twitter handle @MonkeyInject. Plume, headquartered in Palo Alto, California, is recognized for its software-as-a-service platform that delivers AI-driven security, smart Wi-Fi, and cloud management to a vast user base across 45 countries, covering tens of millions of homes and businesses.
THe online platform for sharing details of cyber breaches Breach Forums served as the initial platform for announcement by the hackers. The attackers claim to have exfiltrated over 20GB of data, including over 15 million lines of detailed customer and employee information from Plume. This group alleges that an ex-employee of Plume was instrumental in the data breach. Plume has not confirmed the veracity of these claims but has acknowledged awareness of the situation and is conducting an investigation.
The hackers have released two CSV files on the internet. These files are said to contain personal information of about 26,000 Plume customers:
- email addresses,
- full names,
- country locations,
- device specifications.
Another file purportedly includes personal details of Plume employees, with over 3,000 email addresses linked to Plume's company domains.
The hackers have criticized Plume's security practices, suggesting that the former employee’s retained access rights were a significant oversight.
