Following the news of the CloudPets Data Breach, Tod Beardsley, Director of Research at Rapid7 commented below.
Tod Beardsley, Director of Research at Rapid7:
While bad, these three technical design failures could have been addressed, but for the fourth issue discovered: CloudPets seems uniquely uninterested in handling reported vulnerabilities. Emails and voicemails from security researchers and reporters appear to have been ignored, as were demands from database ransomers.
Even when companies ship IoT vulnerabilities, we tend to give them the benefit of the doubt when first reporting these issues. When Rapid7 reports vulnerabilities, we do get some kind of response about 70% of the time, and are able to engage with technical staff responsible for fixing vulnerabilities. In nearly all of those cases, the companies do produce a fix, or at least offer mitigation advice to customers. It’s become increasingly rare to come across companies that don’t respond at all, so the case with CloudPets is unusual in that regard.”
The opinions expressed in this article belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.