Now news are coming out that the popular internet connected stuffed animals CloudPets have been hacked. Cybersecurity expert Troy Hunt says to Motherboard that the hack attack was quite severe.
Hunt says that hackers took the account information of more than 820 000 users. Among the information was emails, passwords. Hunt also found that hackers had access to nearly 2.2 million voice recordings if they could guess the URL (web link) for a recording.
It gets worse. According to Hunt, these databases didn’t have any security. They were simply stored online with no passwords. Spiral Toys, the maker of CloudPets, haven’t commented the issue. Later it sent an email to CNN that they claim no messages or images were compromised.
Security experts also say to Vice and Motherboard that they tried to warn the company about the risk, but to no avail. Some even speculate Spiral Toys have shut down.
According to Hunt the data is no longer online after January 13th. It’s now known exactly when the breach happened. Hunt though has enough evidence that hackers have copied the database and offered to sell it back to Spiral Toys. What’s worse is that there’s no data that CloudPets have informed the owners of the toys.
Even so, users were the ones to get suspicious after the company stopped replying to their emails about other topics. So, they reached out to Hunt who started to investigate. He recommends owners of CloudPets to change their passwords.