More than two million recorded messages by ‘smart teddy bear’ leaked on the internet

Posted 28 February 2017 19:24 CEST by Jan Willem Aldershoff

More than 2 million recorded messages of a ‘smart teddy bear’ that allows children to record messages and send them to others were leaked on the internet. The affected teddy bears are from the brand CloudPets, part of Spiral Toys.

 

Children can send messages through the teddy bear, e.g. to their parents, via the CloudPets app, and parents can reply to them. However, these messages were stored in an unprotected MongoDB database that was accessible to everyone. The database contained 2.2 million messages, according to security researcher Troy Hunt. Besides the recordings, 820,000 user accounts were also stored in the unsecured database.

The issue was discovered because Hunt was contacted by a user who didn’t receive a response when he tried several times to warn CloudPets that the database was accessible to everyone.

The type of database (MongoDB) in which the messages were stored has been targeted by cybercriminals for some time already. There are known cases where MongoDB database owners had to pay a ransom to regain access to their data. According to Hunt, the CloudPets database had also been ransomed in the past.

Hunt therefore argues that CloudPets should have known that their database was unprotected, but parents were never informed about the data breach. A possible reason is that the company is in financial trouble: its shares are worth less than half a cent and the entire company is worth less than 99% of its peak value.

Hunt was also unable to contact the company, but somehow the unprotected database is no longer accessible.


