Posted By: ITWiser Webmaster - Yorkshire's IT Specialists
Posted By: ITWiser Webmaster
2 Million recordings of families held to ransom!
Millions of recordings have been leaked online and held to ransom, after a IoT stuffed toy maker used an insecure MongoDB.
The stuffed toy in question cost around $40 it has inbuilt microphones and speakers and it connects to the internet using either android or iOS smartphones or tablets. The toy can be used to exchange messages between families and friends who have the app or a stuffed toy.
The information that was associated with the cloudpets.com accounts was being stored on a poorly secured NoSQL database which was holding 10 GB of information. The internet facing MongoDB installation which sat on port 2701 at 220.127.116.11 and didn’t require any authentication to gain access.
The criminals have been scanning the net for unsecure MongoDB installations, once they discovered this one they took a copy of all the data then removed it from the server. The criminals were then asking for money for its safe return, it has been reported that this has happened 3 times before.
ITWiser offer a wide range of services and solutions that can help prevent situations like this from happening to you and your business. We offer internal security audits and external security audits, these audits are designed to highlight issues on your network. For more information on these or on any of our other services please get in touch today.