Strangers may be listening in on your child’s private conversations through a toy, according to a new report by security researcher Troy Hunt.
Millions of voice recordings between parents and their kids were exposed in a massive data breach involving a connected toy company, says Hunt, and nearly 820,000 users were exposed to hackers.
CloudPets, a California-based company, makes toys for kids that connect to an app, which allows parents to send messages to their kids that are playable through a stuffed animal.
Anyone within Bluetooth range can connect with the toys.
To create a CloudPets account, users must provide their child’s name, e-mail address and photo.
Researchers say all of that information was stored on an insecure Amazon database.
Hackers didn’t need authorization to access this database and although users’ passwords were encrypted, the software did not have the minimum password requirement needed to protect users’ data, leaving millions of accounts vulnerable, according to researchers.
A hacker found the CloudPets database, deleted the data and held it for ransom, according to investigators. In his or her ransom note, the hacker told CloudPets they would need to send him or her an undisclosed amount of Bitcoin payment in order to get back their data.
The data was apparently restored from backup and as of now, the database is longer accessible.
Researchers say CloudPets has not yet notified customers of the breach, which may be a violation of California state law.
Hunt suggests users should change their passwords to protect their personal information.
STORIES OTHERS ARE CLICKING ON-
- Undercover detectives arrest 6 men for indecent exposure, solicitation at Caspersen Beach
- Teenager shot to death after young girl sneaks him in house
- What were they thinking? Tampa Bay orthodontist says do-it-yourself braces, are a don’t
- WATCH: Animal park awaits birth of baby giraffe
- Police ID teenagers accused of shooting up business in Clearwater