Children's messages in CloudPets data breach. Jouets connectés : quels conseils pour les sécuriser ? Internet of Things Teddy Bear Leaked 2 Million Parent and Kids Message Record... A company that sells internet-connected teddy bears that allow kids and their far-away parents to exchange heartfelt messages left more than 800,000 customer credentials, as well as two million message recordings, totally exposed online for anyone to see and listen.
Since Christmas day of last year and at least until the first week of January, Spiral Toys left customer data of its CloudPets brand on a database that wasn't behind a firewall or password-protected. The MongoDB was easy to find using Shodan, a search engine makes it easy to find unprotected websites and servers, according to several security researchers who found and inspected the data. The exposed data included more than 800,000 emails and passwords, which are secured with the strong, and thus supposedly harder to crack, hashing function bcrypt. During the time the data was exposed, at least two security researchers, and likely malicious hackers, got their hands on it.
"They were very irresponsible. " Kids The Connected Home Privacy in the Age of Connected Dolls Talking Dinosaurs and Battling Robots. Kids & The Connected Home: Privacy in the Age of Connected Dolls, Talking Dinosaurs, and Battling Robots - Future of Privacy Forum. FOR IMMEDIATE RELEASE December 1, 2016 Contact: Melanie Bates, Future of Privacy Forum, 202-596-9837, firstname.lastname@example.org Emma Morris, Family Online Safety Institute, 202-775-0158, email@example.com Kids & The Connected Home: Privacy in the Age of Connected Dolls, Talking Dinosaurs, and Battling Robots.
German parents told to destroy Cayla dolls over hacking fears. Image copyright Getty Images An official watchdog in Germany has told parents to destroy a talking doll called Cayla because its smart technology can reveal personal data.
The warning was issued by the Federal Network Agency (Bundesnetzagentur), which oversees telecommunications. Researchers say hackers can use an insecure bluetooth device embedded in the toy to listen and talk to the child playing with it. Manufacturer Genesis Toys has not yet commented on the German warning. German parents urged to destroy data-collecting toy doll. A German privacy watchdog is urging parents to destroy My Friend Cayla, a doll which has a knack for collecting private information about its owner.
Germany's Federal Network Agency, which is known as "Bundesnetzagentur," issued the warning after a student named Stefan Hessel raised the alarm about Cayla and her devious ways. Hessel, who studies at the University of Saarland, says Cayla's speaker and microphone system are vulnerable to external attacks. As he told the German website Netzpolitik.org (and rendered in English by Google Translate): "There are decisive reasons for the fact that the doll is a prohibited broadcasting system in the sense of § 90 Telecommunications Act.