The National Cyber Security Alliance (NCSA), a public-private partnership promoting cyber security and privacy education and awareness, has issued an alert on a company called CloudPets™ and its internet-connected toys – specifically a Teddy Bear. The CloudPets™ toys are designed to allow parents to send messages to their children, to the toy via WiFi or Bluetooth.
The Problem: CloudPets™ failed to secure the server where all of the login credentials were stored and they left parent/child massages on another unsecured server. The login credentials server has been wide open since Christmas 2016. To date, over 800,000 account credentials were stolen. To make matters worse, CloudPets™ servers were hacked and the data held for ransom.
The first take-away: If your child has a CloudPets™ toy, retrieve it and remove the batteries. At minimum, restrict the permissions on the app associated with this toy.
Although you can’t always control how others protect your data, there are steps you can take to tighten up your in-home network security.
- Keep all your computer systems and mobile devices up to date, including O/S updates and security patches.
- Enable the firewall on all systems, whenever possible.
- Change the default password on your router to a unique, strong password. Use strong passwords on all devices.
- Be sure that your router has a built-in firewall and turn it on.
- Check the permissions and privacy settings on all devices, apps, and internet of things (IoT) devices like smart refrigerators, TV’s baby monitors, etc,, to maximize your security.
For more details on this breach, check out the NCSA’s Response to CloudPets™ Breach. For additional tips on how to keep your children safe online, go to Consumer Reports: How to Protect Children’s Online Privacy. To report a scam, go to the BBB Scam Tracker. To find trustworthy businesses, go to bbb.org.