March 2, 2017
Spiral Toys, the manufacturer of the SmartToy line CloudPets, left more than 800,000 customer credentials, as well as two million message recordings, totally exposed online for anyone to see and listen to. Some hackers went so far as to lock accounts and hold them for ransom.
The internet-connected Teddy Bear allows kids to communicate with far away friends and relatives without having to give them their own phone, though parents do have to download the CloudPets App to a phone or tablet to connect the bear. Messages can be sent and received from anywhere in the world. Unfortunately, the database used by Spiral Toys wasn’t behind a firewall or password protected, which made it easy to find using Shodan, a search engine that exposes unprotected websites and servers to hackers. The attack occurred between Christmas of last year and at least until the…
View original post 401 more words