Family Orbit Spyware App Hacked, 281 Gigabytes’ of Kids’ Photos Exposed

Motherboard recently reported that a company [Family Orbit] that is selling spyware to parents to keep track of their children has been hacked. As a result, the pictures of hundreds of monitored children were leaked online, protected only by an easy-to-guess password, a hacker claims.

Hacker Breaches Spyware App Family Orbit, Leaks Photos of Kids Online

As explained by the media, the hacker, who is known for having hacked spyware maker Retina-X and for wiping its servers not once but twice, said he was able to find the key to the cloud servers of Family Orbit, a company that that markets itself as “the best parental control app to protect your kids.” What is mostly concerning is that 1) the servers contained the photos intercepted by the spyware, and 2) the company has already confirmed the breach.

The hacker claims that he had all the photos uploaded from the phones of children being monitored. But there were also screenshots of the developer’s desktops exposing passwords and other highly sensitive details.

What is the result of the breach?

The company left exposed 3,836 containers on Rackspace with 281 gigabytes of pictures and videos, the hacker said. The hacker shared screenshots showing he had access to the folders.

Unfortunately, Motherboard verified the breach after the hacker shared a sample of users with them. The media confirmed that those were active users by attempting to register to the service using the very same email addresses. Furthermore, Family Orbit also confirmed that the API key is stored encrypted in the app, and that they have observed some unusual bandwidth in their cloud storage.

The company quickly changed the API key and login details, and also took down the services until the vulnerabilities are fixed accordingly.

This breach is yet another incident (Read more...)

*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum | authored by Milena Dimitrova. Read the original post at: