IoT: Nearly a Million Children’s Toys Containing Private Voice Recordings, Hacked And Held For Ransom

Internet of Things is becoming more problematic

When it comes to the Internet of Things or IoT (especially with toys), it seems people will never learn! We’ve covered this story a couple times now with Hello Barbie two holiday seasons ago, and last Christmas’ My Friend Cayla and i-Que Robot. However, these CloudPet has a new twist..

Weaknesses in our Wireless World

CloudPets are exactly what they sound like: Stuffed animals connected to the internet. What sets these toys apart is that loved ones can upload messages for the child that the plush toy then delivers. However, CloudPets had an especially flimsy security infrastructure (which was found on the search engine, Shodan, which indexes that kind of thing.) All 800,000 account and 2.2 million individual voice files were hacked and held ransom for bitcoins, a type of internet currency. Now, CloudPets didn’t end up paying the ransom, so they probably used a back-up of the files.

Sketchy privacy policy

Now, the company who own CloudPets haven’t informed consumers about the breach and they haven’t responded to inquiries about it. The company keeping mum to their consumers could be against the law – but at the very least, it’s unethical.

The IoT Safertech solution

If you must have a toy – or any device, gadget or appliance – in your house that’s connected to the Internet, change your password now – and often.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.