We’ve got the sad story of cloud-enabled toys leading to, you guessed it, leaking customer’s personal information! Plus a case of backups gone bad, but this time, it’s a good thing!

Then it’s your feedback, a huge roundup, and so much more!

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:


Show Notes:

Data from connected CloudPets teddy bears leaked and ransomed, exposing kids’ voice messages

  • Extortionists Wipe Thousands of Databases, Victims Who Pay Up Get Stiffed

  • Spiral Toys xCEO denies voice recordings stolen

  • CloudPets left their database exposed publicly to the web without so much as a password to protect it.

  • There are references to almost 2.2 million voice recordings of parents and their children exposed by databases that should never have contained production data.

  • CloudPets has absolutely no password strength rules

  • The CloudPets Twitter account has also been dormant since July last year so combined with the complete lack of response to all communications, it looks like operations have well and truly been shuttered.

Spammers expose their entire operation through bad backups

  • Today we release details on the inner workings of a massive, illegal spam operation. The situation presents a tangible threat to online privacy and security as it involves a database of 1.4 billion email accounts combined with real names, user IP addresses, and often physical address. Chances are that you, or at least someone you know, is affected. Spammergate: The Fall of an Empire

  • The data from this well-known, but slippery spamming operation, was discovered by Chris Vickery, a security researcher for MacKeeper and shared with Salted Hash, Spamhaus, as well as relevant law enforcement agencies.

  • Vickery also discovered thousands of warm-up email accounts used by RCM to skirt anti-spam measures

  • RCM’s data breach also exposed 2,199 IP addresses used for public-faced activities; as well as the group’s internal assets. This is in addition to the 60 IP blocks RCM has identified for activities in the past, as well as current and future operations; and the 140 active DNS servers that are rotated frequently.

  • Based on campaign logging documents, the data breach also exposed more than 300 active MX records. In just two spreadsheets alone, RCM recorded nearly 100,000 domains used for their campaigns.

  • If an offer doesn’t inbox (meaning it is rejected, or otherwise dumped into a spam or junk folder), or a given domain is blacklisted, RCM goes back to a list of thousands of domains and selects another to restart the process.


Round Up:

Question? Comments? Contact us here!