Info Advantage was formed in 1992 for the purpose of specializing in Information Technology consulting, which encompasses business solution development, software development, and platform support from IBM’s midrange to a growing number of Intel based solutions.

IoT Connected Stuffed Animals Leak Millions of Accounts Private Information

IoT Connected Stuffed Animals Leak Millions of Accounts Private Information

With the rise of the age of the Internet of Things (IoT), more and more everyday devices are becoming connected to the web as a means to make a more personalized product experiment. Today, we have IoT connected watches, televisions, and even kitchen appliances like refrigerators or coffee makers. As convenient as these devices can be, they can pose a serious threat to a user’s personal information if the security behind the device is lackluster. Such is the case with CloudPet, a IoT connected stuffed animal that lets children and their loved ones communicate with each other through an app, which exposed the personal data of thousands of accounts.

CloudPets are made by Spiral Toys, a company based in California that specializes in toys that connect to the internet. The concept behind the toy is that a child can communicate with their parents or loved ones who are far away. The toy is connected to an app, which allows the connected party to record voice messages to send to the child’s CloudPet. The CloudPet then allows the child to send a voice recording back, which can be played through the app.

On February 28, 2017, security researcher Troy Hunt posted a blog about how the data from CloudPets stuffed animals had been leaked and ransomed, potentially exposing these recordings. Hunt found that several parties had reached out to CloudPets and their parent company Spiral Toys about the breach, yet had received no response. With some help of members on his site, Have I Been Pwned?, Hunt was successfully able to access the user photos and voice recordings. While there were no recordings or photos on the exposed database, the leakage did contain sensitive data that could easily compromise an account.

According to the CloudPet’s site, the breach was caused when CloudPet’s user data was temporarily moved to a new database software. In December of 2016, third party developers moved CloudPets data to a temporary database in order to make upgrades to the CloudPet’s app. During the time, the database software that was used had an exploit that hackers would use to hold data for ransom. While CloudPets claims that no voice recordings were accessed, they do admit to the leakage of email addresses, usernames, and encrypted passwords. However, there were no password strength rules before the breach, so a hacker could still easily access thousands of those compromised accounts.

Since the breach was made public on February 22, the CloudPets app required all users to reset their passwords, and created new password security requirements to ensure the new passwords are more secure. They also recommend that users create a unique password for every application or site, and advise them not to use “easily guessable” passwords.

WannaCry: The Worst Digital Disaster the World Has...
Homographs: Using Different Languages to Steal You...
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Monday, 20 November 2017
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Support Options

  • Phone Support +

    Speak to a support team member on the phone!

    Phone: (585) 254-8710
    Fax: (585) 254-8766

  • Ticket By Email +

    Send an email to the Help Desk to create a ticket automatically and communicate with your team or any member.

    Submit A Ticket

  • Ticket By Portal +

    Create and manage tickets via our secure online Help Desk Portal. (Members Only Requires login)

    Enter Support Portal

  • 1

Mobile? Grab this Article!

Qr Code

Tag Cloud

Security technology Tip of the Week Privacy Best Practices Current Events Hackers malware backup technology solutions Productivity cyber attacks Business practice Software Business Management Ransomware cloud Microsoft Innovation Business Continuity Mobility Disaster Recovery business Quick Tips Efficiency Hardware Office tips Business Computing Mobile Devices Network Security Windows 10 hardware solutions Computer Avoiding Downtime Internet Flexibility data breach email Education cyber criminals Social Wi-Fi voip Operating System Laptop Health Law Enforcement Passwords Miscellaneous phone systems Humor IT Identity Theft Personal Information Mobile Computing Money Antivirus Information Technology Saving Money Smartphone IT Services Facebook History Risk Management servers Small Business Upgrade IT Support Office 365 Application data internet user Communication cloud capabilities Reputation BDR HaaS byod Virtual Reality cars Marketing Search Internet Protocol Windows Scalability Encryption Hosted Solutions Workplace Tips Alert Data recovery spam Update Apps Net worth Wireless hardware refreshes Automation How To Text Messaging ecommerce Microsoft Office time Employer-Employee Relationship Managing Stress threats Cybercrime Artificial Intelligence Managed IT Services virtualized servers Server Gadgets Video Games Recovery Battery Router holiday business continuity plan iPhone Remote Computing ATMs Government Point of Sale downtime Password content Virtualization Automobile Software-based phone systems Legal PDF USB Google Drive Worker Commute VoIP right Instant Messaging Work/Life Balance End of Support VPN Internet Exlporer Robot computer network Advertising Hosted Solution Relocation Smartphones Private Cloud Users Telephone Systems Black Market Social Media User Tips Telephony Entertainment Google Touchpad

Sign up for our Newsletter!

  • Company Name *
  • First Name *
  • Last Name