Daycare Webcam Service Exposes 12,000 User Accounts

2021-02-23 19:59

NurseryCam, a webcam service used across 40 daycare centers in the U.K. by parents who want to keep a watchful eye on their babies, has shut down following a data breach.

By Saturday, the NurseryCam service was shut down while a fix is being sorted out.

NurseryCam told the BBC that it doesn't believe anyone watched the webcam without permission; instead, the director for NurseryCam and sister companies Meta Technologies and FootfallCam, Melissa Kao, told BBC the person behind the breach contacted the company to report the incident.

IoT security researcher Andrew Tierney has been raising the alarm about NurseryCam's security dating back to 2015, when it became clear that the IP address, username and password for the DVR in the daycare center, "Are leaked in the HTML source when viewing the cameras using ActiveX," he wrote.

Parents who use the NurseryCam service told The Register they had reported vulnerabilities to the company, some were addressed, while others felt the response was inadequate.

Tierney told BBC he was also contacted by the attacker who was able to steal NurseryCam's user data last Friday and reached out to the company to offer his assistance.

News URL

https://threatpost.com/daycare-webcam-exposes-12000/164203/