Toys Exposing Personal Information through Data Breach
March 8, 2017
A line of toys manufactured by internet-based company, CloudPets, has left the personal information of nearly 800,000 consumers exposed to hackers everywhere. The toys are stuffed animals that can record, store and then replay voice recordings that are created over the internet. More than 2 million consumer voice recordings have been exposed along with people’s personal information.
The company has been contacted by multiple sources in regard to the privacy exposure issue. Interestingly, not a single representative has responded to any of the inquiries. The personal information, including password, login and the voice recordings of consumers, was easily accessible to anyone who was attempting to gain access and had a slightly greater-than-basic understanding of computers and technology.
An online security specialist named Troy Hunt first discovered the issue, and went as far as to uncover consumer’s personal information to prove how easy it was to breach. With minimal effort, Hunt was able to hear people’s personal recordings. Many families who have members serving in the military overseas use these toys to relay messages back and forth, since a consumer can simply record a message on the internet.
After purchasing a toy from CloudPets, users download an Android or iPhone application to record personal messages that are then transmitted. The website for CloudPets even offers free shipping for any consumers who are on active military duty. The toys range from $9 to about $20. They appear fairly easy to set up and simple to use.
Perhaps for that very reason, there was even more information that Hunt was able to access. The site asked consumers to note authorized users, such as friends, parents or grandparents, which hackers could then see. Children’s birthdays and their names were also exposed.
Hunt also discovered that if a hacker decided to, he or she could send their own messages to the toys through the application that was used to record them. Since the toys were so often gifted to children, this is particularly disturbing news. Strangers can send messages to kids, trying to prank or scare them. One user even demonstrated this by playing a joke on his wife with a frightening message in order to show how easy it is for anyone to do. The application for CloudPets is still up and running, which means that personal information can still be breached, and hackers are still able to send messages.
So what dangers does this exposure pose to the information of consumers? In reality, many people tend to use the same password across different websites, such as for email accounts and credit card accounts. Hackers could gain a person’s login and password through CloudPets, and then apply it to other accounts. Similarly, consumer’s email addresses could be sold for marketing and advertising purposes, leading to an excess of spam emails.
This kind of data breach indicates that these types of connected devices may not be worth the risk that they pose to consumers. Evidence shows that at least two times, hackers have blackmailed the owners of CloudPets, threatening to use consumer’s personal information if the company owners did not pay for its reinstatement.
In this age of technology, it is no surprise that internet-connected products are common and gaining popularity. But news of hackers and privacy breaches are common, as well. There are other options for toys and voice recording products that will not put consumer’s personal information at such a serious risk. For some reason, CloudPets is still up and running and has not taken down its website or services even in the midst of these exposures. Hunt has advised that the company puts a temporary hold on everything, taken its application offline, until all privacy issues have been resolved.
If you or a family member currently owns a CloudPets product, we encourage you to contact the manufacturer. We also suggest that you change your login and password to attempt to protect yourself against any kind of privacy breach.
Philadelphia Products Liability Lawyers at Galfand Berger, LLP Advocate for Victims of Information Data Breach
The Philadelphia product liability lawyers at Galfand Berger have successfully represented clients for an array of product-based liability issues. If you have any questions or concerns, an attorney at Galfand Berger, LLP can help. With offices located in Philadelphia, Reading and Bethlehem, we serve clients throughout Pennsylvania and New Jersey. To schedule a consultation, call us at 800-222-8792 or complete our online contact form.