There’s a general rule when it comes to storing data about children, in the UK and in US you cannot collect personal information for those under the age of 13, and for good reason, our children should be protected, especially online.
According to a recent report by the cyber security expert Troy Hunt, more than 800,000 users have been affected by a recent leak of information from the CloudPets toys, including email addresses and passwords.
This information was stored in a MongoDB database that could be viewed by anyone, with no password required.
He went on the state that 2.2 million voice recordings were also stored online in an unsecured format, allowing hackers to listen to them by simply guessing the URL (which was for an AWS S3 account), which is pretty extraordinary for this century and we think that it breaks the child protection acts of the US and the UK, given that some of those recordings could indeed be personally identifiable. There’s no doubt that Spiral Toys, the owner of CloudToys should be reprimanded for such poor security of the data that their customers trusted them with, or likely didn’t know that they were even storing.
That said, Hunt has already speculated that the company has already shuttered operations due to their stock value currently sitting at 1%, although that has been the case for some time.
Hunt did find that the data was no longer publically searchable after January 13th, however, he did also say that there was compelling evidence that the database was copied by hackers and then put as a ransom against the company, to be paid in bitcoin.
You can read more about Troy Hunt’s discovery at the source link below, but before you do, we advise that you remove any CloudPets toys from your home and stop using them asap.
Also be sure to change any similar passwords and to lock down your linked email account. We would also warn you to steer away from other products from Spiral Toys, such as the WiggyApp connected piggy bank.
If this wasn’t enough to scare you into doing that, this tweet will:
— Handsome Neil (@MisterZoomer) January 29, 2017
Source: Troy Hunts