Following a Cloud Pets security breach, millions of private messages between parents and kids have been hacked, including emails and passwords. The private conversations between family members and their children were recorded via a listening device installed in the teddy bears which also tracked the conversations.
After buying the popular children’s teddy bear toy from Cloud Pets parents were prompted to install an app on their mobiles which would sync the bear to their smartphones. Hackers then targeted the smart-toy range, which pairs a child’s stuffed toy to the online mobile app where parents were able to record messages for the bear to speak when a button is pressed.
Internet security researcher, Troy Hunt has launched the website Have I Been Pwned? Which is a registry for parents to check if their security has been breached, and as it tuns out thousands of Australian families have already been affected. Hunt said “It is hard to tell because we don’t have exact data on the geography of everyone. We know from previous data breaches it is normally around 1 percent of people. We are probably looking at some single-digit thousand Aussies.”
Hunt also mentioned that the origin of the security failure was the fact that the database of the information applied to the bears was public, making it incredibly easy for hackers to find online.”Unfortunately, this one was ridiculously easy. The company that runs the service left their database public on the internet without a password, and people found it. It was that simple,” Hunt explained.
Hunt has also said that there is evidence to suggest that hackers have been using the personal information to hold people to ransom, according to recent developments. Hunt said, “I think the thing that we are all most concerned about is these toys recorded kids’ voices. This is the entire design of it. You leave a message for your father as a child or your mother, and the relative then leaves a message for you on their phone and sends it back to the kids. So who is listening to it? That scares all of us with kids, I think.”
The company behind the Cloud Pets brand, Spiral Toys, has made no comment so far about the hack.