If your children have a Cloud Pets interactive soft toy then you need to know about today's report of a data breach that has exposed 2 million voice messages.
The BBC reports that an open database containing links to voice messages recorded on Cloud Pets toys has been discovered by cybersecurity researcher Troy Hunt, and he says that at one point the data was even held to ransom.
Cloud Pets* are toys that enable you to record and send voice messages, and although messages are encrypted it appears that they have been left vulnerable to hackers.
There are also concerns that there are no password rules at all when you set the accounts up, meaning lots of people had selected passwords that were extremely easy to crack.
"Because there were no rules, lots of people created bad passwords," he told the BBC.
"I did an exercise and found it was really easy to create them. Lots of people were using the password Cloudpets because that's what people do."
British security researcher Ken Munro told the BBC that Cloud Pets show similar vulnerabilities to the Cayla doll, that was found to be easily breached and could even be hacked to spy on its owners.
There is no Pin number required to sync Cloud Pets with other devices and Ken Munro explained:
"If you have a Cloud Pets bear, switch it off. It might be a good idea for people to try to delete their accounts - it's possible that the recorded data might go. Try to remember what password you set for the account - and if you used it anywhere else, change it."
Do you have a Cloud Pet and if so will you continue to use it, but with a new password? Or has this new report put you off interactive connected toys for your children?
Comments