The Cloud Pets brand was left on a database without a firewall nor password-protected. As a result, more than 800,000 customer credentials and 2 million message recordings were exposed online. According to researchers, the MongoDB was easy to find using Shodan. Shodan is a search engine that lets the user find specific types of computers connected to the internet using a variety of filters. The news of the Cloud Pets breach comes a few days after Germany warned parents that an internet-connected doll could spy on children. More than 800,000 emails and passwords were exposed in the breach that took place two months ago. Since then, the company Spiral Toys has not notified victims about the breach. Two researchers discovered the breach and warned Motherboard, who then confirmed the breach.
Full article here.