Millions of Kids’ Conversations Leaked Due to Teddy Bears
CloudPets, the creator of IoT-connected stuffed animals, recently had their database hacked, leaving millions of voice recordings exposed.
Recently, CloudPets’ database was hacked, and more than half a million people had their data leaked. CloudPets is a company that sells stuffed animals that are connected to the Internet of Things. Their stuffed animals can connect to an app via Bluetooth to allow parents to record audio messages or else play pre-recorded messages through the stuffed animal. While this could make a child’s toy more fun and interactive, these messages unfortunately weren’t securely stored in CloudPets’ database, along with the rest of their customers’ account information. If a major company’s database can be breached, it’s possible for hackers to access data on any of your devices, including your smartphone. DFNDR’s Advanced Protection feature ensures that even if hackers gain access to your phone, virtually or physically, they will not be able to uninstall DFNDR and your data will remain safe. Click here to activate Advanced Protection:
How Was the Data Breach Revealed?
Troy Hunt, who runs a breach notification website, revealed that the database was publicly accessible, meaning that it wasn’t password-protected or hidden behind a firewall. According to Hunt, the data was traded online as early as last year, and often held for ransom. He had attempted to warn CloudPets of this data breach, without success. However, after CloudPets was notified of the breach — even though they did not publicly acknowledge the breach or inform users that their data was compromised — their original database was deleted. Shortly after, none of their databases were publicly accessible.
Internet of Things Devices Often Have Weak Security
This isn’t the first time that IoT-connected toys were hacked. In 2015, for example, VTech experienced a large data breach that revealed personal information of more than five million adults and 200,000 kids. Shortly after, a Barbie doll by Mattel was found to be easily hackable. The doll could be used to record conversations in real-time.
In addition to companies improving their database security, incidents like this could be prevented in the future if users follow safe online practices. This includes creating stronger passwords, using two-factor authentication when possible, and exercising caution when using IoT-connected devices. Many IoT devices, in general, are insecure; you should share as little data with them as possible, or neglect using IoT-connected toys all together until security is improved. Further, make sure that your router is a newer model that receives frequent security patches and updates.