Well, this is creepy. A weak spot in the security of CloudPets toys, which connect to mobile apps and let parents and loved ones send audio messages that are played through voice toys in the form of stuffed bears, dogs, cats and rabbits, allowed anyone access to personal information, photos and recordings of children’s voices. The information was briefly held for ransom.
According to CNN, security researcher Troy Hunt compiled a report that showed more than 820,000 user accounts were exposed, which included more than 2 million audio and voice recordings.
Hunt discovered that kids’ information – name, email address, even photos – was stored on an insecure database easily compromised, then indexed by Shodan, a search engine for insecure devices, like toys, that could be leaking data.
Apparently, that’s what happened with CloudPets: Whoever accessed the data deleted all of it, and in its place posted a ransom note. Instead, CloudPets ignored the demand and restored the data from a backup.
However, what is most alarming is that the company hasn’t informed users of the breach, and any compromised passwords and personal information could be available and accessible. So spread the word to your friends and families to be careful of their CloudPets!