Maker of popular smart-home software continues to leave database containing billions of users' passwords OPEN online, report reveals