On Friday, The Register become aware of the compromise of the NurseryCam network. NurseryCam is produced by the companies FootfallCam Ltd and Meta Technologies Ltd.
In response to the incident, the company shut down its IoT camera service on Saturday and reported the security breach to the parents.
“On 17:18 Friday 19th February 2021, it has come to our attention of a cyber incident detected in our NurseryCam system.” reads the security noticed sent by the company to the parents.
NurseryCam is a webcam solution that allows parents to watch their children while at nursery school. The service was used by about 40 nurseries across the UK.
NurseryCam has also reported a possible data breach to the UK’s data watchdog, the Information Commissioner’s Office (ICO).
The attackers exploited a “loophole” in its systems to obtain data from parents’ viewing accounts, exposed data includes usernames, hashed passwords, names, email addresses.
“The person who identified the loophole has so far acted responsibly,” said Dr Melissa Kao, director of FootfallCam Ltd and Meta Technologies “He stated he has no intention to use this to do any harm [and] wants to see NurseryCam raise the overall standards of our security measures.”
According to El Reg the security breach impacted 12,000 NurseryCam users’ accounts, the attackers dumped them online.
The El Reg reported that a FootfallCam corporate customer that has used the devices has found some security issues and reported them to FootfallCam. The customer explained that he was able to browse “data for other customers” by simply manipulating URL parameters in his browser.
Another NurseryCam user told El Reg he had reported multiple flaws in the product to the vendor in 2020, but it had received an unsatisfactory response.
If you want to receive the weekly Security Affairs Newsletter for free subscribe here.
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, IoT)
[adrotate banner=”5″]
[adrotate banner=”13″]
Experts found two vulnerabilities in the vBulletin forum software, one of which is already being…
Security Affairs Malware newsletter includes a collection of the best articles and research on malware…
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best…
Qualys warns of two information disclosure flaws in apport and systemd-coredump, the core dump handlers in Ubuntu, Red Hat Enterprise…
Meta stopped three covert operations from Iran, China, and Romania using fake accounts to spread…
The U.S. sanctioned Funnull Technology and Liu Lizhi for aiding romance scams that caused major…
This website uses cookies.
