CloudPets connected toys can be turned into remote surveillance devices

The CloudPets data breach saga continues, as Spiral Toys finally reported the breach to the California Attorney General’s Office.

As a reminder: Leaked data provided to security researcher Troy Hunt showed that MongoDB databases containing personal information, hashed passwords and voice recordings of messages by children and parents using CloudPets teddy toys had been sitting unprotected on the Internet since December 2016.

The databases were repeatedly accessed by unauthorized users, some of whom apparently dumped the contents on their servers, deleted the databases, and asked for ransom to return the data.

Downplaying the seriousness of the data breach

The breach notice sent to the California Attorney General’s Office includes false claims that the company was told about a potential breach on February 22, when researchers and reporters repeatedly sent messages to as many company email addresses and social media accounts as they could find, warning them of the breach.

Hunt has gone through the notice and pointed out (at the very end of the write-up) the many inaccuracies and misinformation included in it, so I won’t be repeating them here. Suffice it to say that the company is still trying to make it look like they did everything they could to prevent a breach, and that the breach is not as extensive as it demonstrably is.

Source: CloudPets connected toys can be turned into remote surveillance devices – Help Net Security
