If only Marv and Harry were burglars today, they might have found it much easier to case houses and, perhaps, would have known which houses were occupied by technically inclined kids by capitalizing on the potential vulnerability that [Luc Volders] has noticed on ThingSpeak.
As an IoT service, ThingSpeak takes data from an ESP-8266, graphs it, and publicly displays the data. Some of you may already see where this is going. While [Volders] was using the service for testing, he realized anyone could check the temperature of his man-cave — thereby inferring when the house was vacant since the location data also happened to be public. A little sleuthing uncovered several other channels with temperature data or otherwise tied to a location that those with nefarious intent could abuse.
This is not a vulnerability in the software per se, but [Volders] rightly observes that privacy settings need to be altered whenever you’re using an online IoT service. Despite the awesomeness of IoT inter-connectivity, always be aware of the downsides and take steps to mitigate them.