A publicly accessible ElasticSearch server owned by Orvibo, a Chinese smart home device maker, exposed more than two billion user logs containing sensitive customer data. Orvibo left an ElasticSearch database connected to the Internet without a password, leaking data that includes email addresses, passwords, and password reset codes. Despite being aware of these problems for two weeks, the smart home device maker has not taken any action to remediate the situation.