Lessons from the viral toothbrush malware story

• Fortinet, which the outlet claimed had shared the details of the reported attack, later confirmed to several reporters that the attack written about was hypothetical.
• "To clarify, the topic of toothbrushes being used for DDoS attacks was presented during an interview as an illustration of a given type of attack," the company told 404 Media, noting the mistake had happened due to a translation error.

Why it matters: So little is publicly understood about cybersecurity and how experts discuss potential threats that even mainstream publications were duped into writing about the incident.

• ZDNet ran a headline saying, "3 million smart toothbrushes were just used in a DDoS attack. Really."
• Until Thursday, tech site Tom's Hardware had a headline that read, "Three million malware-infected smart toothbrushes used in Swiss DDoS attacks."
• And The Sun stuck to the following headline: "Over 3 million toothbrushes could be 'hacked' and 'turned into secret army for criminals,' experts claim."

Between the lines: Sure, smart devices are vulnerable to hacks, but criminal hackers are more likely to pursue attacks that lead to financial gain.

• Disrupting the internet service to a toothbrush — which is just logging data about someone's oral hygiene habits — doesn't really give a hacker much besides a good laugh.

• Instead, hackers would likely turn to ransomware or online fraud where they could get an easy payout.

Be smart: Many news sites are eager to get clicks — and in cybersecurity, that often means reporters and editors lean into the scariest parts of a hypothetical hacking scenario.

• When reading something that seems deeply terrifying, ask questions about why a criminal or nation-state would try to pursue such an attack: What do they have to gain? Is it worth carrying out?
• And make sure you take your own precautions: If you install software updates and use multifactor authentication, you'll likely be safe from (most) cyberattacks.