CloudPets’ Internet of Things (IoT) teddy bear leaked more than 2 million voice recordings of parents and children because of the company’s poor database security. This is only the latest compromise involving children’s toys. In January, Germany banned the internet-connected doll Cayla and demanded that parents destroy it. With the CloudPets leak, the widely feared privacy risk that these smart toys pose to children has become real.
The breach was first reported on Tuesday in a blog post by Troy Hunt, a Microsoft guru who specializes in cloud and online security. Hunt reports that CloudPets’ data was saved to a MongoDB database on an Amazon-hosted service that was publicly available and required no authentication, not even a password. Hunt goes on to say that the database was indexed by Shodan, a search engine known for finding connected things, and that evidence shows the stored data had been accessed multiple times by multiple people since December 25, 2016. CloudPets’ parent company, Spiral Toys, was notified at least four times about the breach; however, Hunt explains that some attempts to contact the company failed due to dead email addresses. In any event, Spiral Toys could not have been unaware of the leak, given the evidence left by criminal ransom demands.
Although this is a wake-up call to parents, businesses can take a lot away from the CloudPets breach, explains cybersecurity expert Vinny Troia, CEO of NightLion Security. “Many businesses have not taken cybersecurity as seriously as they should be, until it’s too late,” Troia continues, “they take shortcuts that do not properly protect them against cyber criminals, and then are floored when their system becomes compromised.” Troia goes on to explain that today cybersecurity needs to be at the forefront of businesses’ minds or they are going to be the next Spiral Toys.
The CloudPets incident is only the most recent compromise involving IoT toys, and it will certainly not be the last. Both businesses and parents need to take the proper steps to protect user data and children from the darker side of the cyber world.
As time goes on, hackers are becoming increasingly advanced. In 2015, 34.2 percent of computer users experienced at least one Web attack. This is a huge issue for users and is only expected to get worse. Data breaches, ransomware and browser plug-ins are expected to be the biggest security threats of 2016, according to an article on Fox News.
Data breaches, in which hackers steal payment information, are the best known of these threats. Retailers will continue to be hit by hackers, but there are predictions that other industries will be hit this year, including the hotel, medical insurance and high-tech toy industries. The Apple Pay system is a good way to prevent hackers from stealing credit card information, as are EMV chips in credit and debit cards.
Ransomware is a type of malware that prevents users from using their system. The victims have to pay a ransom through an online payment method to access their system again. The FBI actually suggests that victims pay the ransom in order to use their system again. To prevent this from happening, watch what you click on. Ransomware has to be installed before it can affect a victim’s system.
It is reported that people spend much of their time on Web browsers. Hackers can find a flaw in a browser and try to get victims to click on a bad site. This is another reason why people need to pay close attention to what they are clicking on.
Customer information was hacked at JP Morgan and 9 other US banks. No money was actually taken from accounts, but rather through credit cards. The Apple Pay system was designed to prevent credit card hacks. There is no possible way to obtain the credit card number with the Apple Pay system. Vinny Troia, Hacking Forensic Investigator and CEO of Night Lion Security, a cyber security and IT risk management company, discusses this topic on Fox Business.
Troia explains that the next logical step for hackers will be to match usernames and passwords of people’s bank accounts and drain their money. This would be an enormous upset for banks when it does happen. The banks would have to give whatever money was stolen back to their customers.
Since the JP Morgan breach, companies are becoming more aware of the data breaches that are likely to happen. Vinny Troia, Cyber Security Expert and CEO of Night Lion Security, discusses the JP Morgan breach with Kevin O’Leary, Michelle Caruso-Cabrera and the staff of CNBC’s Closing Bell. The hacker had gotten in through a personal computer at JP Morgan. This proves that hackers can get into anything at any time.
Troia explains that the hackers had clearly calculated their move because they did not take the passwords that go with the usernames. Had they done so, JP Morgan would have sent out a notification for everyone to change their passwords immediately. A question came up regarding whether the hacker had stolen money, and it was never confirmed. This data breach clearly shows that people’s information is not safe anymore.