In a reported leak of billions of user records in a smart home data breach, researchers have found that a database that belongs to Chinese firm Orvibo has been left open without a password for protection. The database is said to encompass over 2 billion logs that include a range of information from account reset codes to user passwords, Forbes reported.

Orvibo, which runs a management platform for the internet of things (IoT) and is based in Shenzhen, reportedly says it has over a million users ranging from private individuals who have smart home systems to hotels along with other customers in the business space. The company is said to make 100 different smart automation or smart home devices. Other information reportedly involved in the breach includes scheduling information and precise geolocation.

The reset codes, however, were found to be of particular concern. According to a report from vpnMentor, “These would be sent to a user to reset either their password or their email address.” It also notes that “with that information readily accessible, a hacker could lock a user out of their account without needing their password. Changing both a password and an email address could make the action irreversible.”

In separate smart home device news, research that surfaced in a report last year noted that the global demand for smart home devices will exceed sales of smartphones by 2023. The research found that shoppers worldwide bought 663 million smart home devices in 2017 and that number is said to rise in 2023 to 1.94 billion.

The report noted, “Consumer spending on smart home related hardware, services and installation fees will reach nearly $96 billion in 2018 and grow at a 10 percent CAGR to $155 billion by 2023,” It continued, “Spending on devices will account for $53 billion in 2018 or 55 percent of the total and grow at an 8 percent CAGR to $78 billion in 2023, or 51 percent of total spending.”