The demand for interactive toys has caused a wave of new “smart” toys to hit the market. However, one particular company is getting heat from consumers as its line of internet-connected stuffed animals has exposed personal information of more than half a million customers.
According to The Huffington Post, the stuffed toys, manufactured by CloudPets, have leaked email addresses, passwords and profile pictures of customers, along with over 2 million recordings of children and adults who used the stuffed toys.
It was reported that since Christmas Day of last year, information on the CloudPets server was stored in an exposed database which is easily accessible to anyone on the Internet who knew where to look.
The toys have the ability to store and play back voice messages sent to them through the Internet. Anyone in the world can record and send messages using the CloudPets App, which means that parents who work overseas or a deployed family member can send messages to a child at home.
Online security expert Troy Hunt was one of the first to have noticed the breach. On his website, Hunt said that the influx of smart toys such as CloudPets, the Cayla doll, which was previously reported by Jobs & Hire, and Hello Barbie pose serious privacy risks.
Hunt said that parents don’t realize that their “intimate, heartfelt, extremely personal recordings” on a CloudPet are stored in an audio file on the Internet. The online security expert said that the data was stored in a MongoDB that was in a publicly facing network segment and had been indexed by Shodan, a popular search engine for finding connected things.
Hunt and several others attempted to warn CloudPets to the security oversight, but has yet to hear a response from the toy company.
In an email message to The Huffington Post, Hunt warns parents to think twice before bringing in any internet-connected devices into their homes, especially ones that their children will be using on a regular basis.
“The bigger picture here is to think very carefully before giving a child a connected device like this,” said Hunt. “By all means, get them involved early with computers and responsible Internet use, but in my view connected toys like this pose too great a risk.”