Unfortunately that nightmare has become a reality for one company. In a report from Motherboard, a company by the name of Spiral Toys had left customer data of its CloudPets brand on a database that was not password-protected or behind a firewall. This resulted in the data, more than 800,000 user accounts credentials, being stolen by hackers and held for ransom.
According to Troy Hunt, a security researcher and Victor Gevers, the chairman of the non-profit GDI Foundation, the database has been spotted making its rounds in the internet underground and it was also spotted that along with the user account credentials, close to 400,000 friend records and over 2 million voice messages had also been stolen.
In Hunt’s blog, he writes, “It only takes one little mistake on behalf of the data custodian […] and every single piece of data they hold on you and your family can be in the public domain in mere minutes. If you’re fine with your kids’ recordings ending up in unexpected places then sobeit, but that’s the assumption you have to work on because there’s a very real chance it’ll happen.” Spiral Toys has yet to comment on the incident.