NurseryCam daycare cam service shut down after security breach

Daycare camera product NurseryCam was hacked last week, the company was forced to shut down its IoT camera service.

On Friday, The Register become aware of the compromise of the NurseryCam network. NurseryCam is produced by the companies FootfallCam Ltd and Meta Technologies Ltd.

360 Mobile Vision - North & South Carolina Security products and Systems Installations for Commercial and Residential - $55 Hourly Rate. ACCESS CONTROL, INTRUSION ALARM, ACCESS CONTROLLED GATES, INTERCOMS AND CCTV INSTALL OR REPAIR 360 Mobile Vision - is committed to excellence in every aspect of our business. We uphold a standard of integrity bound by fairness, honesty and personal responsibility. Our distinction is the quality of service we bring to our customers. Accurate knowledge of our trade combined with ability is what makes us true professionals. Above all, we are watchful of our customers interests, and make their concerns the basis of our business.

In response to the incident, the company shut down its IoT camera service on Saturday and reported the security breach to the parents.

“On 17:18 Friday 19th February 2021, it has come to our attention of a cyber incident detected in our NurseryCam system.” reads the security noticed sent by the company to the parents.

NurseryCam is a webcam solution that allows parents to watch their children while at nursery school. The service was used by about 40 nurseries across the UK.

NurseryCam daycare cam service shut down after security breach

NurseryCam has also reported a possible data breach to the UK’s data watchdog, the Information Commissioner’s Office (ICO).

The attackers exploited a “loophole” in its systems to obtain data from parents’ viewing accounts, exposed data includes usernames, hashed passwords, names, email addresses.

“The person who identified the loophole has so far acted responsibly,” said Dr Melissa Kao, director of FootfallCam Ltd and Meta Technologies “He stated he has no intention to use this to do any harm [and] wants to see NurseryCam raise the overall standards of our security measures.”

According to El Reg the security breach impacted 12,000 NurseryCam users’ accounts, the attackers dumped them online.

The El Reg reported that a FootfallCam corporate customer that has used the devices has found some security issues and reported them to FootfallCam. The customer explained that he was able to browse “data for other customers” by simply manipulating URL parameters in his browser.

Another NurseryCam user told El Reg he had reported multiple flaws in the product to the vendor in 2020, but it had received an unsatisfactory response.

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Pierluigi Paganini

(SecurityAffairs – hacking, IoT)

The post NurseryCam daycare cam service shut down after security breach appeared first on Security Affairs.

By admin