Recently you might have heard that over in Germany, a particular children’s doll had been banned for sale over privacy issues. Because toys these days come with smarter features such as internet connectivity, the ability to record video and audio, we can only imagine the nightmare should these recordings be leaked or should these toys be hacked.
Unfortunately that nightmare has become a reality for one company. In a report from Motherboard, a company by the name of Spiral Toys had left customer data of its CloudPets brand on a database that was not password-protected or behind a firewall. This resulted in the data, more than 800,000 user accounts credentials, being stolen by hackers and held for ransom.
According to Troy Hunt, a security researcher and Victor Gevers, the chairman of the non-profit GDI Foundation, the database has been spotted making its rounds in the internet underground and it was also spotted that along with the user account credentials, close to 400,000 friend records and over 2 million voice messages had also been stolen.
In Hunt’s blog, he writes, “It only takes one little mistake on behalf of the data custodian […] and every single piece of data they hold on you and your family can be in the public domain in mere minutes. If you’re fine with your kids’ recordings ending up in unexpected places then sobeit, but that’s the assumption you have to work on because there’s a very real chance it’ll happen.” Spiral Toys has yet to comment on the incident.