'Children's messages in CloudPets data breach' diff viewer (0/1)

This article is from the source 'bbc' and was first published or seen on February 28, 2017 13:36 (UTC). It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at http://www.bbc.co.uk/news/technology-39115001

The article has changed 2 times. There is an RSS feed of changes available.

Previous version 1 Next version

Previous version 1 Next version

Version 0	Version 1
Children's messages in CloudPets data breach	Children's messages in CloudPets data breach
2017-02-28 13:40:12 UTC	2017-03-01 10:00:48 UTC (about 20 hours later)
An open database containing links to more than 2 million voice messages recorded on cuddly toys has been discovered, cybersecurity researcher Troy Hunt has revealed.	An open database containing links to more than 2 million voice messages recorded on cuddly toys has been discovered, cybersecurity researcher Troy Hunt has revealed.
The messages were created by owners of CloudPets soft toys.	The messages were created by owners of CloudPets soft toys.
At one point, the data was even held to ransom, Mr Hunt says.	At one point, the data was even held to ransom, Mr Hunt says.
The animals are advertised as being toys that enable people to record and send greetings via a phone app and the toy itself.	The animals are advertised as being toys that enable people to record and send greetings via a phone app and the toy itself.
The creatures are marketed as cuddly devices to connect children to working parents or grandparents.	The creatures are marketed as cuddly devices to connect children to working parents or grandparents.
They are currently on sale for a heavily discounted £6 in UK children's store The Entertainer but are listed at $29.99 on the CloudPets US website.	They are currently on sale for a heavily discounted £6 in UK children's store The Entertainer but are listed at $29.99 on the CloudPets US website.
~~The~~ ~~BBC~~ ~~has~~ ~~contacted~~ California-based Spiral Toys, which makes the ~~animals.~~	In a statement, California-based Spiral Toys, which makes the animals, said it was notified about a potential breach in February and "took immediate and swift action".
~~The~~ ~~email~~ ~~address~~ on ~~its~~ ~~website~~ is ~~bouncing~~ ~~messages~~ ~~back~~ ~~and~~ ~~Troy~~ ~~Hunt~~ ~~said~~ the ~~researcher~~ ~~who~~ ~~told~~ ~~him~~ ~~about~~ ~~the~~ breach ~~had~~ ~~tried~~ ~~three~~ ~~times~~ to ~~contact~~ ~~the~~ ~~firm~~ ~~using~~ ~~various~~ ~~addresses~~ ~~they~~ ~~found~~ ~~connected~~ ~~with~~ ~~it.~~	"When we were informed of the potential security breach we carried out an internal investigation and immediately invalidated all current customer passwords to ensure that no information could be accessed.
	"To our best knowledge, we cannot detect any breach on our message and image data, as all data leaked was password encrypted."
	It added that it is now requiring users to choose "new, increased security passwords" and has sent out emails informing customers of the potential compromised login data.
Password: Cloudpets	Password: Cloudpets
The website NetworkWorld reports that the firm denied voice data had been stolen.	The website NetworkWorld reports that the firm denied voice data had been stolen.
Troy Hunt wrote on his blog that the voice recordings were stored in the cloud and the database, which was left exposed on the net, reveals their exact location.	Troy Hunt wrote on his blog that the voice recordings were stored in the cloud and the database, which was left exposed on the net, reveals their exact location.
He also expressed concern that there were no password rules at all, meaning lots of people had selected passwords that were extremely easy to crack.	He also expressed concern that there were no password rules at all, meaning lots of people had selected passwords that were extremely easy to crack.
"Because there were no rules, lots of people created bad passwords," he told the BBC.	"Because there were no rules, lots of people created bad passwords," he told the BBC.
"I did an exercise and found it was really easy to create them. Lots of people were using the password Cloudpets because that's what people do."	"I did an exercise and found it was really easy to create them. Lots of people were using the password Cloudpets because that's what people do."
There appeared to be around 820,000 accounts visible.	There appeared to be around 820,000 accounts visible.
Both Mr Hunt and British security researcher Ken Munro said the toy showed similar vulnerabilities to the Cayla doll, an internet-connected toy that was found to be easily breached and could even be hacked to spy on its owners.	Both Mr Hunt and British security researcher Ken Munro said the toy showed similar vulnerabilities to the Cayla doll, an internet-connected toy that was found to be easily breached and could even be hacked to spy on its owners.
German watchdog the Federal Network Agency (Bundesnetzagentur) has now advised parents who own a Cayla doll to destroy it.	German watchdog the Federal Network Agency (Bundesnetzagentur) has now advised parents who own a Cayla doll to destroy it.
Like Cayla, there is no Pin number required to sync CloudPets with other devices, Ken Munro explained.	Like Cayla, there is no Pin number required to sync CloudPets with other devices, Ken Munro explained.
"If you have a CloudPets bear, switch it off," he said.	"If you have a CloudPets bear, switch it off," he said.
"It might be a good idea for people to try to delete their accounts - it's possible that the recorded data might go.	"It might be a good idea for people to try to delete their accounts - it's possible that the recorded data might go.
"Try to remember what password you set for the account - and if you used it anywhere else, change it."	"Try to remember what password you set for the account - and if you used it anywhere else, change it."