Internet-connected toys leak over 2M voice messages2017-02-28 16:52 by Daniela
A recent data leak exposed the login credentials of more than 800,000 people who own Spiral Toys' CloudPets.
CloudPets toys connect to mobile apps and let parents send messages to their children that are played through the stuffed animals. The toys launched in 2015, and include stuffed bears, dogs, cats and rabbits.
Like other toys that connect to the internet, CloudPets stores all that data in the cloud, not on your smartphone itself. When you create an account with CloudPets, you give it your child's name, an email address and a photo.
A security vulnerability allowed anyone to view personal information, photos and recordings of children's voices from CloudPets toys. And at one point, some people tried to hold all of that information for ransom.
"We want to be clear that no messages or images were compromised since they are on another server entirely and without both the login information and password they are nearly impossible to reach," Spiral Toys said.
Read more -here-