Info Advantage was formed in 1992 for the purpose of specializing in Information Technology consulting, which encompasses business solution development, software development, and platform support from IBM’s midrange to a growing number of Intel based solutions.

IoT Connected Stuffed Animals Leak Millions of Accounts Private Information

IoT Connected Stuffed Animals Leak Millions of Accounts Private Information

With the rise of the age of the Internet of Things (IoT), more and more everyday devices are becoming connected to the web as a means to make a more personalized product experiment. Today, we have IoT connected watches, televisions, and even kitchen appliances like refrigerators or coffee makers. As convenient as these devices can be, they can pose a serious threat to a user’s personal information if the security behind the device is lackluster. Such is the case with CloudPet, a IoT connected stuffed animal that lets children and their loved ones communicate with each other through an app, which exposed the personal data of thousands of accounts.

CloudPets are made by Spiral Toys, a company based in California that specializes in toys that connect to the internet. The concept behind the toy is that a child can communicate with their parents or loved ones who are far away. The toy is connected to an app, which allows the connected party to record voice messages to send to the child’s CloudPet. The CloudPet then allows the child to send a voice recording back, which can be played through the app.

On February 28, 2017, security researcher Troy Hunt posted a blog about how the data from CloudPets stuffed animals had been leaked and ransomed, potentially exposing these recordings. Hunt found that several parties had reached out to CloudPets and their parent company Spiral Toys about the breach, yet had received no response. With some help of members on his site, Have I Been Pwned?, Hunt was successfully able to access the user photos and voice recordings. While there were no recordings or photos on the exposed database, the leakage did contain sensitive data that could easily compromise an account.

According to the CloudPet’s site, the breach was caused when CloudPet’s user data was temporarily moved to a new database software. In December of 2016, third party developers moved CloudPets data to a temporary database in order to make upgrades to the CloudPet’s app. During the time, the database software that was used had an exploit that hackers would use to hold data for ransom. While CloudPets claims that no voice recordings were accessed, they do admit to the leakage of email addresses, usernames, and encrypted passwords. However, there were no password strength rules before the breach, so a hacker could still easily access thousands of those compromised accounts.

Since the breach was made public on February 22, the CloudPets app required all users to reset their passwords, and created new password security requirements to ensure the new passwords are more secure. They also recommend that users create a unique password for every application or site, and advise them not to use “easily guessable” passwords.

WannaCry: The Worst Digital Disaster the World Has...
Homographs: Using Different Languages to Steal You...
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Saturday, 27 May 2017
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Support Options

  • Phone Support +

    Speak to a support team member on the phone!

    Phone: (585) 254-8710
    Fax: (585) 254-8766

  • Ticket By Email +

    Send an email to the Help Desk to create a ticket automatically and communicate with your team or any member.

    Submit A Ticket

  • Ticket By Portal +

    Create and manage tickets via our secure online Help Desk Portal. (Members Only Requires login)

    Enter Support Portal

  • 1

Mobile? Grab this Article!

Qr Code

Tag Cloud

Security technology Tip of the Week Privacy Best Practices Current Events backup Hackers malware cloud Business practice Productivity technology solutions Software cyber attacks Quick Tips Mobility Microsoft Hardware Disaster Recovery Windows 10 Office tips Computer Network Security business Mobile Devices Internet Business Management Ransomware Business Continuity Innovation Flexibility Social data breach Operating System Business Computing Small Business Health Law Enforcement Information Technology Saving Money email Hosted Solutions data Virtualization Mobile Computing Identity Theft Upgrade Risk Management Laptop IT Efficiency Wi-Fi Avoiding Downtime voip Miscellaneous phone systems Humor Application Internet Protocol IT Support Passwords Money cyber criminals Antivirus Communication internet user Office 365 Smartphone Personal Information History Robot byod virtualized servers Apps Server holiday Virtual Reality Microsoft Office Wireless Hosted Solution hardware solutions Scalability Relocation Text Messaging Encryption IT Services Private Cloud spam ATMs Update iPhone Government content How To Artificial Intelligence Data recovery Managing Stress Managed IT Services Gadgets Touchpad Net worth Education Reputation cars Search Router ecommerce Windows Workplace Tips Alert Battery VoIP right Video Games Cybercrime Facebook Point of Sale hardware refreshes Remote Computing Automation HaaS business continuity plan Automobile time Password Employer-Employee Relationship threats Recovery cloud capabilities BDR servers Legal

Blog Archive

Sign up for our Newsletter!

  • Company Name *
  • First Name *
  • Last Name