Monday 10 April 2017

Don't Hug These Internet-Connected Stuffed Toys

Spiral Toys, which manufactures the CloudPets range of Bluetooth-enabled "smart toys," is under privacy fire for exposing 821,000 user records online, as well as links to 2.2 million parent and child voice recordings captured by its interactive toys and related apps.

Copies of the data are in wide circulation and appear to be the focus of multiple attempted ransom shakedowns. It has also been reported that attackers downloaded and then deleted some of the databases, including one containing 821,000 user records, and left at least three different ransom notices for Spiral Toys. While Spiral Toys stored passwords using the bcrypt password-hashing algorithm, which is good, it failed to enforce a strong password policy. As a result, short passwords (such as "qwe") or overused ones could be chosen, meaning that many passwords could be easily cracked.
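A slow hash only helps if the password behind it is hard to guess, so the check belongs at registration, before hashing. The sketch below is an added example, not Spiral Toys' code; the minimum length, the small deny list and the function name `check_password` are assumptions made for illustration.

```python
import unicodedata

# Assumed policy values for this example; not taken from the CloudPets service.
MIN_LENGTH = 8
# Constructed sample deny list. A real deployment would load a large list of
# breached and overused passwords plus words tied to the service itself.
OVERUSED = {"password", "123456", "qwerty", "qwe", "letmein", "iloveyou", "cloudpets"}
SUFFIX_CHARS = "0123456789!?.@#$"


def _normalize(text: str) -> str:
    """Fold case and Unicode variants so 'QWE' and 'qwe' compare equal."""
    return unicodedata.normalize("NFKC", text).casefold()


def check_password(password: str, email: str) -> list[str]:
    """Return the policy violations for a candidate password.

    An empty list means the password may be passed on to the hashing step.
    """
    problems = []
    pw = _normalize(password)

    if len(password) < MIN_LENGTH:
        problems.append("too_short")

    # Also catch an overused word padded with digits or symbols ("Password123").
    base = pw.rstrip(SUFFIX_CHARS)
    if pw in OVERUSED or base in OVERUSED:
        problems.append("overused")

    # Reject passwords built around the account name.
    local_part = _normalize(email.split("@", 1)[0])
    if len(local_part) >= 3 and local_part in pw:
        problems.append("contains_account_name")

    # Long enough but trivially guessable: one or two characters repeated.
    if len(set(pw)) <= 2:
        problems.append("repeated_characters")

    return problems


if __name__ == "__main__":
    for candidate in ("qwe", "Password123", "correct horse battery staple"):
        print(candidate, "->", check_password(candidate, "parent@example.com") or "accepted")
```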
