Info Advantage Blog

With the rise of the age of the Internet of Things (IoT), more and more everyday devices are becoming connected to the web as a means to make a more personalized product experiment. Today, we have IoT connected watches, televisions, and even kitchen appliances like refrigerators or coffee makers. As convenient as these devices can be, they can pose a serious threat to a user’s personal information if the security behind the device is lackluster. Such is the case with CloudPet, a IoT connected stuffed animal that lets children and their loved ones communicate with each other through an app, which exposed the personal data of thousands of accounts.

CloudPets are made by Spiral Toys, a company based in California that specializes in toys that connect to the internet. The concept behind the toy is that a child can communicate with their parents or loved ones who are far away. The toy is connected to an app, which allows the connected party to record voice messages to send to the child’s CloudPet. The CloudPet then allows the child to send a voice recording back, which can be played through the app.

On February 28, 2017, security researcher Troy Hunt posted a blog about how the data from CloudPets stuffed animals had been leaked and ransomed, potentially exposing these recordings. Hunt found that several parties had reached out to CloudPets and their parent company Spiral Toys about the breach, yet had received no response. With some help of members on his site, Have I Been Pwned?, Hunt was successfully able to access the user photos and voice recordings. While there were no recordings or photos on the exposed database, the leakage did contain sensitive data that could easily compromise an account.

According to the CloudPet’s site, the breach was caused when CloudPet’s user data was temporarily moved to a new database software. In December of 2016, third party developers moved CloudPets data to a temporary database in order to make upgrades to the CloudPet’s app. During the time, the database software that was used had an exploit that hackers would use to hold data for ransom. While CloudPets claims that no voice recordings were accessed, they do admit to the leakage of email addresses, usernames, and encrypted passwords. However, there were no password strength rules before the breach, so a hacker could still easily access thousands of those compromised accounts.

Since the breach was made public on February 22, the CloudPets app required all users to reset their passwords, and created new password security requirements to ensure the new passwords are more secure. They also recommend that users create a unique password for every application or site, and advise them not to use “easily guessable” passwords.

A company known as River City Media (RCM) has accidently leaked the email addresses of 1.37 billion users due to the failure of setting up a password protection on their remote backup storage. In addition to email addresses, the database also included thousands of real names, IP addresses, and even physical addresses. In all, some 200GB of data had been exposed for several months, leaving it vulnerable to cyberattacks.

The leak was found by Chris Vickery, a security researcher for MacKeeper. In his blog post published on Monday, March 6, Vickery explains that MacKeeper worked closely with CSOOnline and Spamhaus after the discovery of the files in January. Vikery and his team were able to trace the files back to RCM, a notorious spam operation.

“RCM masquerades as a legitimate marketing firm while, per their own documentation, being responsible for up to a billion daily email sends,” says Vickery.

Vickery believes the company was able to obtain the almost 1.4 billion email addresses through offers such as credit checks, sweepstakes, and education opportunities. There is also evidence that similar spam companies also contributed to the list. While some percentage of the user may have fallen for RCM’s spam offerings, Vickery also suggests that the company used a variety of more advanced techniques to lure users to give up their email address.

“One is called co-registration,” explains Vickery, “That’s when you click on the “Submit” or “I agree” box next to all the small text on a website. Without knowing it, you have potentially agreed your personal details can be shared with affiliates of the site.”

The leak is blamed on a failed remote backup attempt, which left a ‘snapshot’ of the company data from January 2017 exposed to the internet. Anyone who found the data would be able to access internal chatlogs, emails, and the 200GB email collection RCM had acquired. According to Vickery, the failure was due to RCM failing to put a password up on their repository, leaving it poorly secured.

Since the release of the break, Spamhaus has blacklisted the entirety of RCM’s infrastructure. The research team working on the case have also reached out to law enforcement agencies about the data leakage and suspected illegal spamming.

Putting security and proper backup on the back burner can cause serious damage. Don't let your company fall pray to the thousands of threats that lurk just a click away. Contact Info Advantage today at (585)  254-8710 to speak to a technology consultant about your security and backup environment.

There are thousands of breaches of information every year, threatening our personal information and sensitive data. On Feb 23^rd, news of a brand-new bug known as Cloudbleed dropped. This bug has affected thousands of sites, potentially leaking out the sensitive information of their users, according to a new report by CNET. Here is a quick guide to understanding exactly what Cloudbleed is, and how it may have affected you and your company.

What is Cloudbleed?

Cloudbleed is the name of the newest major security breach bug from an Internet security company known as Cloudflare. The issue arose when users entered their information onto secured “https” sites, such as a login page. Cloudflare’s service is meant to help securely move the information entered into the “https” sites between the user and the servers. Instead of deleting the information after it was used, the Cloudbleed bug caused Cloudflare’s security service to save potentially sensitive data, such as user credentials, photos, video frames, or even server and security information.

Who is affected by Cloudbleed?

There are currently around 3,400 websites believed to have been affected by the Cloudbleed bug, though the actual number could be much higher. The bug is believed to have started back as September, with the height of the problem occurring between February 13^th to the 18^th. Uber, Fitbit, and OKCupid are the main three that seemed to be directly affected by the bug. According to Cloudflare, the Cloudbleed bug is thought to have leaked information about “one in every 3,3000,000 HTTP requests” made through the service.

What can I Do Now?

As of now, Cloudbleed is no longer an active threat. Cloudflare was able to stop the bug just 44 minutes after it was discovered, and the problem was solved completely in 7 hours. While the impact is minimal and requires no immediate action, there are a few things individual users can do to keep themselves safe from potential data leakage.

It is recommended that you change your password on any account that uses Cloudflare. This includes sites such as OKCupid, Fitbit, and Medium are some of the most popular sites that are known to use Cloudfare’s services. If you are unsure whether or not a site you use was affected, there is now a webpage that tells you whether or not a site is infected. 

It is also recommended that you use a two-step authentication on any site or service that offers it. This will ensure that no one will be able to access your account, even if they are able to get your user credentials.

-

With thousands of security breaches per year, you can’t afford to wait for security. Contact Info Advantage today at (585) 254-8710 to speak to a technology professional about how to keep your data safe.