You are here:Home » Technology/Science

Peek-a-boo: Internet-connected toy compromises 800,000 accounts

Internet-connected toys seem to be a new way through which hackers plan on potentially getting their hands on the user’s personal details. Just recently, we published a report regarding how Germany banned an internet-connected doll called ‘Cayla’ over fears hat hackers could target children. Now a new report suggests that Spiral Toys — maker of the Cloud Pets line of stuffed animals — has reportedly exposed over 2 million voice recordings of children and parents as well as e-mail addresses and password data for more than 800,000 accounts.

The company is know to manufacture toys that record and play voice messages that can be exchanged via internet to parents and children. Troy Hunt of Have I been Pwned? (breach-notification website) was the first to point out the fact that searches using the Shodan computer search engine and other evidence indicated that since December 25 and January 8, the customer data was accessed multiple times by multiple parties, including criminals who ultimately held the data for ransom. The recordings are apparently available on an Amazon-hosted service that requires no authorisation or access.

“It’s impossible to believe that CloudPets (or mReady) did not know that firstly, the database had been left publicly exposed and secondly, that malicious parties had accessed them. Obviously, they’ve changed the security profile of the system and you simply could not have overlooked the fact that a ransom had been left. So both the exposed database and intrusion by those demanding the ransom must have been identified yet this story never made the headlines,” Hunt wrote.

According to a report published by Ars Technica, the MongoDB database of 821,296 accounts records was stored by a Romanian company called mReady, which Spiral Toys appears to have contracted with.

No reports regarding what action will be taken against Spiral Toys have emerged yet.


To keep yourself update for Technology/Science news, follow us on facebook or twitter.