CloudPets maker Spiral Toys left children’s voice recordings and account info exposed, reports say. It appears hackers stole and ransomed user data.
Account information on 800,000 CloudPets users was left unprotected on the internet, as well as 2.2 million voice recordings sent between children and their loved ones, according to reports.
Bad news for parents and kids who sent each other voice messages through internet connected stuffed animals called CloudPets — their account information and voice recordings were left exposed on the internet, ready for anyone with a few web search skills to find.
That’s according to reports from cybersecurity expert Troy Hunt , as well as Vice cybersecurity publication Motherboard .
The account information of more than 800,000 users, which included email addresses and easily guessed passwords, was stored on an online database that could be viewed by anyone — no password required, both reports said. Nearly 2.2 million voice recordings were also stored online unsecured; hackers could listen to them by guessing the URL of the recording, Hunt found.
