Skip to main content
  1. Home
  2. Smart Home
  3. Smart Home News

Connected CloudPets teddy bears blab on owners, leak 2 million voice recordings

Amazon, Walmart, and Target are no longer selling CloudPets

By
Cloud Pets As Seen On TV Commercial

Remember when the worst thing that could happen to your doll was it losing an eye? How times have changed.

Recommended Videos

In the latest toy scandal (yes, those are a thing now), a connected teddy bear leaked the voice recordings of more than 2 million children and parents, along with email addresses and password information associated with more than 800,000 accounts. As first reported by Troy Hunt in a blog post published in late February, Spiral Toys, the company behind the CloudPets line of stuffed animals, left a whole lot of user data vulnerable to attack. Now, those toys have been pulled from a number of retailers, including Amazon, Walmart, and Target.

Related: 
Best new movies to stream on Netflix, Hulu, Prime Video, HBO Max, and more

Amazon began taking down CloudPets from its online marketplace after being contacted by Mozilla, which offered research that highlighted the potential dangers of the child’s toy.

“In a world where data leaks are becoming more routine and products like CloudPets still sit on store shelves, I’m increasingly worried about my kids’ privacy and security,” Ashley Boyd, Mozilla’s vice president of advocacy, said in a statement.

When it comes to CloudPets, it looks like that concern is well-placed. A few months ago, Hunt explained the vulnerability, writing in his blog post, “…in CloudPets’ case…data was stored in a MongoDB that was in a publicly facing network segment without any authentication required and had been indexed by Shodan (a popular search engine for finding connected things).” So what does that mean? In essence, customer data could be easily accessed by just about anyone, and accessed it was. Hunt noted that as per data from Shodan, between December 25 and January 8, customer data was looked into many times by many people, including by malicious parties who demanded ransom for the release of some of this data.

Worse still, it would appear that CloudPets was actually warned of this problem, with Hunt noting that a good samaritan had “tried to contact CloudPets three times to warn them about the exposure.” Unfortunately, the email address listed on the company’s support page bounced back, and subsequent attempts at contact went unanswered.

Sadly, Hunt said, this kind of willful ignorance seems to be rather commonplace, particularly in the realm of cybersecurity. “Time and time again, there are extensive delays or no response at all from the very people that should be the most interested in incidents like this,” he wrote. “If you run any sort of online service whatsoever, think about what’s involved in ensuring someone can report this sort of thing to you because this whole story could have had a very different outcome otherwise.”

Updated on June 5: Amazon, Walmart, and Target pulled CloudPets from stores. 

Lulu Chang
Lulu Chang
Former Contributor
Fascinated by the effects of technology on human interaction, Lulu believes that if her parents can use your new app…
Topics
Tineco’s docking vacuum has a special Prime Day price, but you can get it cheaper
A Tineco Pure One next to its charging base.

Vacuums feel like they're getting more and more expensive, and not just robot vacuum and mop combos, but ordinary hand vacs. You can go to Walmart and see bagged, corded vacuums that cost hundreds of dollars. It doesn't have to be that way. Tineco's Pure One vacuum brings power and convenience for the same price that other vacuums have, but with new features instead of going backwards into the world of cords and bags. Usually $459, it is down to $319 for Prime Day (that's a savings of $140 already) and we're happy to report you can get an extra 5% off with the code TIN25PDPR on Amazon. Tap the button below to see the vacuum yourself and snag this great deal, or keep reading for what makes this vacuum truly unique.

BUY NOW

Read more
This AI mower finally got a discount — grab it before it’s gone
m800 doing work on the lawn

If you’ve been holding off on getting a robot mower because you can’t stand the idea of burying boundary wires or babysitting your lawn from a clunky app, Prime Day is delivering for you once again. The Yardcare M800 Plus is one of the most intelligent, user-friendly smart mowers you can buy and now it's on sale. Pick-up the M800 Plus for $719.99, a savings of $180 (regular price $899.99).

A smarter way to mow

Read more
This Beatbot robotic pool cleaner gets all the leaves — 47% off for Prime Day
The Beatbot iSkim Ultra in the swimming pool.

Are you growing tired of gathering the leaves that are floating around in your swimming pool? Then you shouldn't miss this chance to get the Beatbot iSkim Ultra with a huge discount from Amazon's Prime Day. From $1,499 originally, it's on sale at 47% off for a lowered price of only $799. That $700 in savings are among the largest that you can get from the offers for Beatbot robotic pool cleaners during the shopping event -- act now and complete your purchase immediately to make sure that you get this device at nearly half-price.

BUY NOW

Read more