Smart meters can record fine-grained power consumption data and provide such data to the power supplier through realtime communications. Although smart meters can make power management more efficient and fault-tolerant, they also pose bigger threats to user privacy. Data from smart meters contain fine-grained power consumption information of home appliances and thus can be used to infer the ON/OFF states of home appliances. This problem has received some attention in the literature, however, most of them focus on active power based attacks. This paper focuses on reactive power and demonstrates how attackers can exploit reactive power data to infer appliance usage information. Experiments on real residential smart meter data show that our proposed attack can identify the ON/OFF events of home appliance with high accuracy. To protect users against such attacks, a novel defense technique called Reactive Power Obfuscation (RPO) is proposed. RPO can mask the true reactive power demand from the smart meter by using a capacitor to store and provide reactive power in a controlled manner. We evaluate the performance of RPO based on real household power consumption data. Evaluation results show that the ON/OFF events of home appliances can hardly be revealed from reactive power data when RPO is applied.