Scribd Logo
Upload

Welcome to Scribd!

  • 24 views

    Cloud Pets

    Uploaded by

    luvsheyn11
    ijmmujinu

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd

    Cloud Pets

    Uploaded by

    luvsheyn11
    24 views2 pages
    ijmmujinu

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    ijmmujinu

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Download as docx, pdf, or txt
    24 views2 pages

    Cloud Pets

    Uploaded by

    luvsheyn11
    ijmmujinu

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Download as docx, pdf, or txt
    You are on page 1of 2

    Cloud Pets: the toy that leaked 2 Million kids’ voice mails

    In 2015, the company Spiral Toys Inc. launched an innovative product that was described as “The best
    toy in history of toys.”, Cloud Pets.

    These toys have the ability to store and replay voice messages. Sending messages through Cloud Pets
    was easy. Cloud Pets toys connect to mobile apps and let parents or loved ones send messages to their
    children that are played through the stuffed animal. That means travelling parents or a deployed military
    member could send a heartfelt message through their child’s teddy bear at home, to be replayed when
    their child interacts with the bear.

    When you create an account with Cloud Pets, you give it your child’s name, an email address, and a
    photo. All voice messages and information sent through the Cloud Pets doll were saved in a database
    run by Spiral Toys Inc.

    Over the years, Spiral Toys went bankrupt. One of their largest expenses was the cost of storing and
    protecting customer’s data. To cut costs, they saved the data in an insecure database that didn’t require
    authentication to access. In other words, anyone could find and open this database without even
    needing a password.

    Troy Hunt, an independent security researcher and data breach expert, received a message by someone
    who claimed they had a copy of the Cloud Pets database. As proof, the informant sent Hunt a snippet
    containing half a million records of Cloud Pets customers. Hunt verified the data sent to him, as he knew
    someone who had bought their daughter a Cloud Pet, so could check that person’s login details against
    the leaked data. In no time, Hunt found that person’s information.

    The only way to stop any disasters from coming was to warn Spiral Toys of their mistake. But the person
    who informed Hunt had already sent multiple emails to Spiral Toys to warn them but his emails were
    either bounced back at him or never got a reply back. Knowing sending an email to Spiral Toys wouldn’t
    work, Hunt decided to call the company instead. But that was even worse because Spiral Toys’ contact
    information was a mess.

    Hunt then realized that the Cloud Pet’s database was scanned and put on Shodan (a popular search
    engine for finding connected things.), increasing the chance of cyber criminals finding the database.
    Since Spiral Toys didn’t take any action, Hunt decided to go public. Hunt hoped the media’s pressure
    would make the company secure its database, but unfortunately, Hackers already found the Cloud Pets’
    data.

    Cyber criminals found the data base and stole it. But they didn’t just steal it, they also wiped out the
    entire database. In the place of the data was a ransom note demanding Bitcoin as payment to return the
    data. When parents found out about the ransom, they sent angry emails to Spiral Toys, demanding for
    answers. However, their questions still didn’t get an answer because Spiral Toys’ emails and phone lines
    still weren’t active.

    Spiral Toys finally made a statement because of the pressure from the media. Parents wanted an
    apology and a solution but what they got was a series of excuses which made them angrier.
    The public backlash was so strong that Amazon, Target, and Walmart pulled Cloud Pets dolls from their
    stores because they didn’t want to be associated with a company that fumbled such a serious security
    breach.

    Senator Bill Delson, D-Fla., has already sent a letter to Spiral Toys demanding answers about the breach.
    Ultimately, there could be criminal charges depending on the facts of the case.

    Paying a ransom doesn’t guarantee that the data will be returned, so Cloud Pets never payed it. Besides,
    Spiral Toys was so broke that they didn’t have the money to pay it even if they wanted to. This also
    meant that hackers were still holding onto that data and could use it in different ways.

    You might also like