Skip to main content

Amazon, Walmart, and Target are no longer selling CloudPets

Remember when the worst thing that could happen to your doll was it losing an eye? How times have changed. In the latest toy scandal (yes, those are a thing now ), a connected teddy bear leaked the voice recordings of more than 2 million children and parents, along with email addresses and password information associated with more than 800,000 accounts. As first reported by Troy Hunt in a blog post published in late February, Spiral Toys , the company behind the CloudPets line of stuffed animals , left a whole lot of user data vulnerable to attack. Now, those toys have been pulled from a number of retailers, including Amazon, Walmart, and Target. Amazon began taking down CloudPets from its online marketplace after being contacted by Mozilla, which offered research that highlighted the potential dangers of the child’s toy. “In a world where data leaks are becoming more routine and products like CloudPets still sit on store shelves, I’m increasingly worried about my kids’ privacy and security,” Ashley Boyd, Mozilla’s vice president of advocacy, said in a statement. When it comes to CloudPets, it looks like that concern is well-placed. A few months ago, Hunt explained the vulnerability, writing in his blog post, “…in CloudPets’ case…data was stored in a MongoDB that was in a publicly facing network segment without any authentication required and had been indexed by Shodan (a popular search engine for finding connected things).” So what does that mean? In essence, customer data could be easily accessed by just about anyone, and accessed it was. Hunt noted that as per data from Shodan, between December 25 and January 8, customer data was looked into many times by many people, including by malicious parties who demanded ransom for the release of some of this data. Worse still, it would appear that CloudPets was actually warned of this problem, with Hunt noting that a good samaritan had “tried to contact CloudPets three times to warn them about the exposure.” Unfortunately, the email address listed on the company’s support page bounced back, and subsequent attempts at contact went unanswered. Sadly, Hunt said, this kind of willful ignorance seems to be rather commonplace, particularly in the realm of cybersecurity. “Time and time again, there are extensive delays or no response at all from the very people that should be the most interested in incidents like this,” he wrote. “If you run any sort of online service whatsoever, think about what’s involved in ensuring someone can report this sort of thing to you because this whole story could have had a very different outcome otherwise.” Updated on June 5: Amazon, Walmart, and Target pulled CloudPets from stores. Editors' Recommendations
Labels:

Comments

Post a Comment

Popular posts from this blog

Study: Majority of U.S. Broadband Households Concerned About Security of IoT Devices

As Internet-connected devices become more ubiquitous, security and privacy concerns of end users are also on the rise. Simply installing security systems in smart homes is no longer enough. Security integrators must also consider bolstering cybersecurity measures when installing their systems. A recently released whitepaper from IoT research firm Parks Associates, titled “Residential Security and Encryption: Setting the Standard, Protecting Consumers,” reveals that 64% of U.S. broadband households are concerned about security and privacy when using their connected devices. Parks Associates also found that the majority of homeowners assume security integrators are addressing their cybersecurity concerns. In fact, a Parks Associates survey of U.S. security owners found 63% of professionally monitored subscribers believe the wireless signals from their system are encrypted, even though encryption is currently not the industry-wide standard. While the whitepaper outlines a few ...
Post a Comment
Read more

The Benefits of a DIY Home Security System

This week’s mailbag addresses the pros and cons of a DIY home security system, how to browse the internet without being tracked, the best way to secure firearms in your home — and more. Let’s get started. I am investigating home security systems since I am not at home constantly. What are some things I should look for in a good home security system? Do you have any recommendations? — Ken R. First, decide whether you want to install a “do-it-yourself” home security system or have a professional company come to your home and install it for you. Before making this decision, check with your local police department and ask if they respond to residential alarms. In most larger cities, they won’t — but the company providing your home security usually has private guards who will respond. If you live in a small town like I do where the police department does respond to intrusion alarms, you might want to go with an alarm company. If you live in a ...
Post a Comment
Read more

Home and Consumer IoT Security Solutions

Why Consumer IoT Products Need Security Home IoT products offer many conveniences but there are massive amounts of private consumer data being transferred to and from these services vulnerable to attack if left unsecured. Security across an entire IoT home demands proper device authentication and data encryption to ensure that all connections are trusted and communications are protected. PKI Isn’t Just for Web Security Despite common misconceptions, PKI is a perfect match for the exploding IoT sector, providing trust and control. An ideal security solution for smart homes and appliances, PKI can be incorporated during product design, build, deployment, or ongoing maintenance. Streamline management for all your IoT certificates using our scalable platform. Provision, issue, renew, and revoke certificates in one place without additional hassle or manual error. Secure storage and management for certificate keys Custom certificate profiles Automated high-volume deployment Scanning an...
Post a Comment
Read more