I keep hoping we’ve reached peak vulnerable gadgets, only to hear about another unsecured device. Toys in particular continue being exposed as privacy and security nightmares that anyone with a slight desire to investigate can uncover. This week in toy privacy nightmares, a company called Spiral Toys was found to have exposed 800,000 user account credentials online, as well as 2 million voice message recordings.
The company’s CloudPets line, which includes internet-connected teddy bears, stored user credentials in a database that wasn’t secured by a password or behind a firewall. Security researchers discovered the MongoDB through Shodan, a search engine for finding vulnerable websites and servers. Their work was independently verified...
from The Verge - All Posts http://ift.tt/2mam3au
via IFTTT
EmoticonEmoticon