Apparently, three million Internet-connected toothbrushes were recently compromised and used to launch a DDoS attack. This is being widely reported across multiple news (and “news”) sources and it’s been a hot topic on various social media platforms for a day or so. It’s mad, right?
But there’s just one problem. It’s not true.
There are a number of red flags here. Out of the gate, a breach of this size should be all over the cybersecurity community, it’d be one of if not The biggest IoT breaches in history globally. It isn’t. Even for the layman, it’s light on detail; an attack on whom? No-one knows. Etc etc.
The story comes from a Swiss article which uses the toothbrush story as a fictional example, somewhere along the way it got lost in translation to English and then it spread like wildfire because crazy stories always do. You can read the original here (though you might need to C&P into Google Translate):
(The non-archive link is behind a paywall.)
The real story here is, if you’re a publisher of news articles then you really should be doing due diligence before posting potentially fake news. Once of a time we called this Investigative Journalism. For the rest of us, don’t believe everything you read on the Internet.