COMMENT: CloudPets data breach
February 2017 by David Kennerley, director of threat research at Webroot
In light of the news that CloudPets, a company which makes internet connected toys for children, has suffered a data breach exposing voice recordings between family members as well as sensitive account information, please find the below comment from David Kennerley, Director of Threat Research at Webroot.
“The CloudPets breach is just another in a long list of poorly secured internet-connected devices, although in this case sensitive information was barely secured at all. Aside from the sheer creepiness of hacking a children’s toy, this type of sensitive information can be used by cyber criminals to access a user’s more high-value accounts. The ease with which an attacker can access users’ details including passwords can give them a starting point for accessing other accounts, and sensitive family information can be used to guess passwords and secret questions.
“At the moment we are seeing a number of attacks focused on extortion, with attackers brute-forcing platforms like MongoDB and MySQL. Users are “setting and forgetting” these protocols, tools and software, so we are likely to see more cases hit the news going forward. Companies must ensure that they are securing their devices and the information they collect properly. The CloudPets situation is a prime example of connected device manufacturers being grossly negligent towards the security of their products. In addition, users must be educated on the potential for these devices to generate and store sensitive data, as well as how to use good security practices to ensure their information is safe.”