REVER

Conectado CloudPets Brinquedos Expor dois milhões de crianças Gravações de voz

Como sobre isso? 2 milhão de gravações de voz das crianças e dos pais, juntamente com os endereços de e-mail e senhas pertencentes a 800,000 contas foram expostas. O motivo? brinquedos animais empalhados conectados à Internet inseguros!

Voice Recordings and Sensitive Data from Connected CloudPets Toys Leaked and Ransomed

The story doesn’t end here. All this extremely sensitive data was publicly accessible via an open database which was left unprotected. The database didn’t have either a password or a firewall, making it dangerously easy for anyone to access it.

relacionado: NOS. Pesquisa revela Troublesome detalhes sobre Medical violações de dados

This dreadful discovery was made by Troy Hunt, the owner of the Have I Been Pwned? projeto, who wrote:

Now firstly, put yourself in the shoes of the average parent, that is one who’s technically literate enough to know the wifi password but not savvy enough to understand how themagicof daddy talking to the kids through the bear (e vice versa) actually works. They don’t necessarily realise that every one of those recordings – those intimate, heartfelt, extremely personal recordings – between a parent and their child is stored as an audio file on the web. They certainly wouldn’t realise that in CloudPets’ caso, that data was stored in a MongoDB that was in a publicly facing network segment without any authentication required and had been indexed by Shodan (a popular search engine for finding connected things).

In technical details, the sensitive data was exposed by CloudPets – the stuffed animal tors produced by Spiral Toys. What are the toys for, you are perhaps wondering. They record and play voice messages which parents and children can send over the Internet. The database at fault, to no one’s surprise, is a MongoDB one having 821,296 account records and stored by a Romanian company. Spiral Toys had a contract with that company, and according to Hunt, people tried to notify the toy manufacturer about the serious breach.

But that’s not all of it! The data which was indexed by the Shodan search engine was accessed many times by different parties, cybercriminals included. The data was also exposed to ransom demands, as it was held by crooks.

relacionado: Seus registros do navegador excluídos poderia ainda estar na iCloud da Apple

What Did California-Based Spiral Toys Respond?

Como relatado by Network World, on Monday, the California-based company claimed it never received any warnings of a privacy-related incident.

The headlines that say 2 million messages were leaked on the internet are completely false,” a empresa alegou. It became aware of the incident after a reporter from Vice Media contacted them last week. “We looked at it and thought it was a very minimal issue”.

That’s just another example of how bad Internet-connected things can turn. Have a look at Troy Hunt’s full investigation.

Milena Dimitrova

Milena Dimitrova

Um escritor inspirado e gerenciador de conteúdo que foi com SensorsTechForum desde o início. Focada na privacidade do usuário e desenvolvimento de malware, ela acredita fortemente em um mundo onde a segurança cibernética desempenha um papel central. Se o senso comum não faz sentido, ela vai estar lá para tomar notas. Essas notas podem mais tarde se transformar em artigos! Siga Milena @Milenyim

mais Posts

Me siga:
Twitter

Deixe um comentário

seu endereço de e-mail não será publicado. Campos obrigatórios são marcados *

limite de tempo está esgotado. Recarregue CAPTCHA.

Fique ligado
Assine nosso boletim informativo sobre as últimas cibersegurança e notícias relacionadas com a tecnologia.