CloudPets Data Leak Includes Credentials of Over 800,000 Customers: Reports

Advertisement
By Tasneem Akolawala | Updated: 28 February 2017 18:37 IST
Highlights
  • Spiral Toys' IoT Teddy Bears' data leaked
  • Two million parents and kids voice messages leaked
  • Spiral Toys stock value is around zero
CloudPets Data Leak Includes Credentials of Over 800,000 Customers: Reports

Spiral Toys, a company that makes connected CloudPets teddy bears, had mistakenly left its clients' sensitive data and messages exposed online for at least two weeks. This leak left more than 800,000 customer credentials, and two million message recordings exposed to malicious activities by hackers.

Motherboard reports that Spiral Toys left CloudPets data unencrypted without any protection of a firewall or even a password since Christmas last year, till at least the first week of January. This public data was found by two researchers, one being Troy Hunt, who claims that cybercriminals found this database, and tried to overwrite it twice. Cybercriminals were actively looking for exposed MongoDB databases in the beginning of January to delete their data and hold it for ransom.

Spiral Toys has been completely mum about the breach, and is looking to file for bankruptcy as their stock value is around zero, the report says. This breach again puts the spotlight on the importance of security on IoT devices. Most IoT devices are not secure by default, and manufacturers need to make privacy and security a priority, and release all IoT devices with default security measures moving forward.

"It only takes one little mistake on behalf of the data custodian [...] and every single piece of data they hold on you and your family can be in the public domain in mere minutes. If you're fine with your kids' recordings ending up in unexpected places then so be it, but that's the assumption you have to work on because there's a very real chance it'll happen," Hunt wrote in his blog post.

Advertisement

The CloudPets teddy bear essentially allowed family members to send voice messages to their kids via the teddy bear using an app. The kid could also record messages as a reply and send it to their parents who could hear it on the app. While the product seems innocent, the customers' credentials and conversations were not kept in a safe place, and were available for everyone to hear and exploit. We recommend severe caution in using such IoT devices in the future.

A similar potential IoT product breach led to the German authorities banning it altogether. The Internet-connected doll called My Friend Cayla could chat with children, and the authorities warned that it was a de facto "spying device". Parents were urged to disable the interactive toy by the Federal Network Agency which enforces bans on surveillance devices. The authorities warned that the doll could record or transmit anything a child says, or other people's conversations, without parents' knowledge.

 
Post your comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: IoT, CloudPets, Spiral Toys, Data Breach, IoT Hack, Security
Gionee A1, A1 Plus First Look
Advertisement

Related Stories

Rocket Lab Launches Final Five Satellites for Kinéis' IoT Constellation
20 March 2025
Rocket Lab Delays IoT Satellite Launch to Ensure Safe Trajectory in Space
6 February 2025
Jio Things, MediaTek Unveil 4G Smart Android Digital Cluster, Smart Module for Two-Wheelers EVs in India
26 July 2024
India Saw Massive Surge in Ransomware, IoT Cyber Attacks in H1 2023: Report
4 August 2023
Realme, Other Chinese Companies Dominate India's Home Surveillance Camera Market in 2022: Counterpoint
17 March 2023
Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. WWDC 2025 Live Updates: Apple Expected to Announce iOS 26, macOS 26 and More
  2. iQOO 13 and More Available With Discounts During iQOO 5th Anniversary Sale
  3. Realme Narzo 80 Lite 5G India Launch, Price Range and Key Features Teased
  4. Vivo Y400 Pro 5G Colour Variants, RAM and Storage Options Leaked
  5. iOS 26 May Feature "Liquid Glass" Elements Throughout the User Interface
  6. Samsung Galaxy Z Fold 7, Z Flip 7 Unpacked Event Said to Be Held Mid-July
  7. Call of Duty: Black Ops 7 Confirmed at Xbox Games Showcase: All Announcements
  8. You Can Now Tell Gemini to Complete Tasks at a Specific Time on the App
  9. AI Mode in Google Search Can Now Generate Interactive Charts and Graphs
  10. Poco F7 India Launch Teased; Flipkart Availability Confirmed
#Latest Stories
  1. Lava Storm Play 5G, Storm Lite 5G India Launch Set for June 13; Design, Camera Features Teased
  2. Google Search’s AI Mode Is Getting an Interactive Data Visualisation Feature
  3. Call of Duty: Black Ops 7, Persona 4 Revival, Grounded 2 and More: Everything Announced at Xbox Games Showcase
  4. Vivo Y400 Pro 5G May Launch in India Soon; Colour Variants, RAM and Storage Options Tipped
  5. Poco F7 India Launch Teased; to Be Available for Purchase Via Flipkart
  6. iQOO 13, iQOO Neo 10 and More Available With Discounts During Company's 5th Anniversary Sale
  7. Cybersecurity Researchers Find 20 Crypto-Phishing Apps on Google Play Store: Check List
  8. Oppo Find X9 Series Said to Get Flat Screens; X9 Ultra Tipped to Feature Dual-Periscope Cameras
  9. Stablecoin Firm Circle Adds to Stellar First Day Gains with Another Stock Surge
  10. Sam Altman’s Eyeball-Scanning Identification Tech Expands to UK
Gadgets 360 is available in
Follow Us
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.