The VLAN has nothing to do with that. A firewall rule would have. But if you had set a firewall rule that it never registered with the HOME PLANET, then the device would have been non-functional. This approach only works for devices that support local control. My understanding is some to all Orvibo devices are not controllable locally. If you want to use them for home automation you have to use their cloud and therefore have your data in their exposed database.
All of which is good advice. But useless advice if you have a device that requires cloud access to control it (e.g. Nest, Ecobee, Honeywell just to name thermostats).
Having devices on a VLAN protects you from lateral movement of an attacker. For example, someone compromises one of your IP cameras through a built in back door. Now they are on your camera they can move around your network and compromise other devices, spy on your network, potentially steal data, more likely compromise other devices and install cryptominers. A VLAN limits what this attacker can see. That is all.
Special firewall rules on the other hand can block connections from the Internet or block connections from specific devices on your network to the Internet. This works whether you have VLANS set up or not. But, many of these devices may require internet access to work. No firewall settings can give you both protection from having your data gathered by the cloud service and have a working device you can control if the device can only be controlled through the cloud service.
The only way to protect yourself from this is to use devices that can be locally controlled. Then and only then can you block them from the Internet and still be able to use them as a smart device.
This is mixing risks. The breach above had nothing to do with hacking into your local network. There is nothing about this breach that would make that any more or less possible. The breach above is a case of a company gathering lots of information and not protecting it. Your home network is no more or less secure. Orvibo needs to worry about that for sure, but you don’t.
That’s not to say that your LAN isn’t at risk, but it will be from back doors or vulnerabilities in the devices, not a database breach.
When working to protect yourself and your network, it is very important to understand what you are protecting yourself from. “Secure all the Things” will always leave gaps, plus you will spend more effort than necessary and leave you with a false sense of security.
Thus, if you want to protect an attack on your locally controllable devices, configure the firewall so they cannot reach the Internet and the Internet cannot reach them. If you want to protect other devices on your LAN from a compromised device on your LAN, limit how much of your network a compromised device can see. Ideally, devices wouldn’t even be able to see each other, only openHAB. VLANS is one way to do this. If you want to avoid the compromise described in the OP, you must not use devices that require cloud services, and for the devices you do use limit their ability to communicate with the Internet.
You must have locally controllable devices before VLANS or firewall rules can be used. Therefore not using devices that require cloud services is the root mitigation to avoid the compromise in the OP.