Talking doll exposes millions of private recordings between parents and kids


Strangers may be listening in on your child’s private conversations through a toy, according to a new report by security researcher Troy Hunt. 

Millions of voice recordings between parents and their kids were exposed in a massive data breach involving a connected toy company, says Hunt, and nearly 820,000 users were exposed to hackers.

CloudPets, a California-based company, makes toys for kids that connect to an app, which allows parents to send messages to their kids that are playable through a stuffed animal.

Anyone within Bluetooth range can connect with the toys.

To create a CloudPets account, users must provide their child’s name, e-mail address and photo.

Researchers say all of that information was stored on an insecure Amazon database.

Hackers didn’t need authorization to access this database and although users’ passwords were encrypted, the software did not have the minimum password requirement needed to protect users’ data, leaving millions of accounts vulnerable, according to researchers.

A hacker found the CloudPets database, deleted the data and held it for ransom, according to investigators.  In his or her ransom note, the hacker told CloudPets they would need to send him or her an undisclosed amount of Bitcoin payment in order to get back their data.

The data was apparently restored from backup and as of now, the database is longer accessible.

Researchers say CloudPets has not yet notified customers of the breach, which may be a violation of California state law.

Hunt suggests users should change their passwords to protect their personal information.

STORIES OTHERS ARE CLICKING ON- provides commenting to allow for constructive discussion on the stories we cover. In order to comment here, you acknowledge you have read and agreed to our Terms of Service. Commenters who violate these terms, including use of vulgar language or racial slurs, will be banned. Please be respectful of the opinions of others and keep the conversation on topic and civil. If you see an inappropriate comment, please flag it for our moderators to review.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s