Info Advantage was formed in 1992 for the purpose of specializing in Information Technology consulting, which encompasses business solution development, software development, and platform support from IBM’s midrange to a growing number of Intel based solutions.

IoT Connected Stuffed Animals Leak Millions of Accounts Private Information

IoT Connected Stuffed Animals Leak Millions of Accounts Private Information

With the rise of the age of the Internet of Things (IoT), more and more everyday devices are becoming connected to the web as a means to make a more personalized product experiment. Today, we have IoT connected watches, televisions, and even kitchen appliances like refrigerators or coffee makers. As convenient as these devices can be, they can pose a serious threat to a user’s personal information if the security behind the device is lackluster. Such is the case with CloudPet, a IoT connected stuffed animal that lets children and their loved ones communicate with each other through an app, which exposed the personal data of thousands of accounts.

CloudPets are made by Spiral Toys, a company based in California that specializes in toys that connect to the internet. The concept behind the toy is that a child can communicate with their parents or loved ones who are far away. The toy is connected to an app, which allows the connected party to record voice messages to send to the child’s CloudPet. The CloudPet then allows the child to send a voice recording back, which can be played through the app.

On February 28, 2017, security researcher Troy Hunt posted a blog about how the data from CloudPets stuffed animals had been leaked and ransomed, potentially exposing these recordings. Hunt found that several parties had reached out to CloudPets and their parent company Spiral Toys about the breach, yet had received no response. With some help of members on his site, Have I Been Pwned?, Hunt was successfully able to access the user photos and voice recordings. While there were no recordings or photos on the exposed database, the leakage did contain sensitive data that could easily compromise an account.

According to the CloudPet’s site, the breach was caused when CloudPet’s user data was temporarily moved to a new database software. In December of 2016, third party developers moved CloudPets data to a temporary database in order to make upgrades to the CloudPet’s app. During the time, the database software that was used had an exploit that hackers would use to hold data for ransom. While CloudPets claims that no voice recordings were accessed, they do admit to the leakage of email addresses, usernames, and encrypted passwords. However, there were no password strength rules before the breach, so a hacker could still easily access thousands of those compromised accounts.

Since the breach was made public on February 22, the CloudPets app required all users to reset their passwords, and created new password security requirements to ensure the new passwords are more secure. They also recommend that users create a unique password for every application or site, and advise them not to use “easily guessable” passwords.

WannaCry: The Worst Digital Disaster the World Has...
Homographs: Using Different Languages to Steal You...
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Sunday, 24 September 2017
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Support Options

  • Phone Support +

    Speak to a support team member on the phone!

    Phone: (585) 254-8710
    Fax: (585) 254-8766

  • Ticket By Email +

    Send an email to the Help Desk to create a ticket automatically and communicate with your team or any member.

    Submit A Ticket

  • Ticket By Portal +

    Create and manage tickets via our secure online Help Desk Portal. (Members Only Requires login)

    Enter Support Portal

  • 1

Mobile? Grab this Article!

Qr Code

Tag Cloud

Security technology Tip of the Week Best Practices Privacy Current Events malware backup technology solutions Productivity Hackers Software cloud Business practice Innovation Microsoft cyber attacks Hardware Mobility Business Management Business Continuity Computer Disaster Recovery Ransomware Office tips Business Computing Network Security Mobile Devices Windows 10 Avoiding Downtime Quick Tips business Internet hardware solutions Efficiency Social Education Saving Money Health cyber criminals email Operating System Law Enforcement Laptop data breach Flexibility voip IT Services History Application Miscellaneous Antivirus internet user Upgrade IT Support Office 365 Money Small Business Facebook servers data Communication cloud capabilities Identity Theft Information Technology Personal Information Smartphone Risk Management Passwords Humor IT Mobile Computing Wi-Fi Wireless Data recovery Managing Stress Scalability Text Messaging Net worth Update iPhone Software-based phone systems cars Automation ecommerce How To phone systems Workplace Tips Server Artificial Intelligence Managed IT Services Government Battery Internet Protocol Point of Sale Cybercrime Search hardware refreshes Router business continuity plan Reputation Automobile time threats Video Games downtime BDR Recovery Virtualization Remote Computing Gadgets virtualized servers holiday Virtual Reality HaaS Password byod Microsoft Office Touchpad Alert Encryption Legal Hosted Solutions ATMs spam Marketing Apps content Windows

Blog Archive

Sign up for our Newsletter!

  • Company Name *
  • First Name *
  • Last Name