Cloud Pets sounds like a really great concept that was just horribly executed.
The toy itself is pretty cool. They have a series of plush animals (bears, unicorns and such) that you can connect with through Bluetooth and their app. You, a friend or family member could then record a message through your phone that your child would then hear by pressing the right paw of the plush toy. Your child could then record a responding message for you to retrieve on your phone by holding down the toys left paw.
So far pretty cool right?
Well it turns out Spiral Toys, the maker of Cloud Pets, stored all these recorded messages, emails and passwords on a server unprotected by a firewall or even a password for any evil doer to see. And an evil doer saw it.
According to security researcher Troy Hunt, over 820,000 user accounts were exposed, including 2.2 million voice recordings. But that’s not all…
Apparently the aforementioned evil doer logged on the server, deleted the data and posted a ransom note demanding to be paid in Bitcoins. CloudPets was able to restore the data, probably from some backup server. The information is now protected.
Could things get worse? Yep.
Spiral Toys is based out of California. California has a law requiring companies to notify users if their online information has been compromised so they can be mindful of changes and create new passwords.
But that is the end of the bad news right? Wrong.
Hackers also had the potential to leave new messages for the children to hear on their teddy bears, as this comedy spoof from Jimmy Kimmel makes light of.
Parents must understand that every time you give your child a toy that connects online or post pictures of your child online, the potential for someone to do something bad with that info is present. Having said that, I am guilty of both.
Feature image: CNN.com
Geeky Daddy 