Creepy teddy bear caught leaking kids’ private conversations online
Spiral Toys, the manufacturer of the SmartToy line CloudPets, left more than 800,000 customer credentials, as well as two million message recordings, totally exposed online for anyone to see and listen to. Some hackers went so far as to lock accounts and hold them for ransom.
The internet-connected Teddy Bear allows kids to communicate with far away friends and relatives without having to give them their own phone, though parents do have to download the CloudPets App to a phone or tablet to connect the bear. Messages can be sent and received from anywhere in the world. Unfortunately, the database used by Spiral Toys wasn’t behind a firewall or password protected, which made it easy to find using Shodan, a search engine that exposes unprotected websites and servers to hackers. The attack occurred between Christmas of last year and at least until the first week of January, and according to Motherboard at least two security researchers and likely malicious hackers were able to get into the system. In fact, at the beginning of January, CloudPets’ data was overwritten twice, according to researchers. (RELATED: Get all the news the media is trying to hide form you at Censored.news)