U.S. Markets closed

'Smart' teddy bear leads to privacy breach of 800,000 accounts

According to multiple sources, personal user information from CloudPets users was left exposed by the parent company. (CloudPets.com)

An internet-connected teddy bear is responsible for thousands of usernames, passwords and personal messages being made available online for anyone to see.

Spiral Toys, the toy company responsible for CloudPets, left 800,000 customer credentials on a database that was not protected by a firewall, according to both Motherboard and tech blogger Troy Hunt.

CloudPets are stuffed animals that let children record, send and receive messages to someone with the CloudPets app. The teddy bear can also play a lullaby and has interactive games the child can play.

800,000 usernames, email addresses passwords as well as two million messages recorded using the CloudPets software are reportedly easily available online using Shodan, a search engine that can find unprotected websites and servers, Motherboard reports.

The data was exposed between late December and early January. At least two security researchers were able to access the information during that time (including Hunt).

The breach, while significant in the number of accounts that were exposed, is one that tech security experts have been anticipating on some level for a while now. As more toys get “smarter” and develop internet connectivity, like Hello Barbie, or the new Furby toys, the risk of information exposure increases — a particularly pertinent risk when the information of children is involved.

In November 2015, electronic educational toy company VTech saw a leak of its customer information,  which saw hackers gain access to 10 million of the company’s customer accounts. While the breach was serious and VTech responded to it with improved security, they also updated their terms and conditions to pass responsibility to the parents in the event of such a breach, changing it to read “You acknowledge and agree that any information you send or receive during your use of the site may not be secure and may be intercepted or later acquired by unauthorized parties.”

While CloudPet is yet to issue a response to the breach, VTech’s example highlights that there is a certain inherent risk in using increasingly connected toys in an increasingly connected world.

More tech news from Yahoo Canada Finance: