Smart teddy bear turns Trojan horse

Having the perfect symbol of innocence and childhood — a teddy bear — as the villain in Toy Story 3 was a stroke of genius. And now reality has caught up with Pixar.

To be fair to teddy bears, this time we’re talking of several kinds of cute fluffy internet-connected animals, including cats (there’s your typical villain right there), dogs, elephants and yes, even unicorns.

CloudPets come with an associated smart phone app that allows friends and family to record and send messages to your kid from anywhere in the world. Once a parent or carer approves the message, a little heart on the stuffed animal starts blinking, and the child will just need to squeeze its paw to hear the recording. Children can also record their own messages for loved ones by squeezing the CloudPet’s paw.

Quite simple and ingenious. But Spiral Toys, the company behind the smart stuffed animals in question, failed to secure a database containing hundreds of thousands of customer emails and passwords plus over two million recordings, according to Vice’s Motherboard publication.

The data was exposed from Christmas day last year till at least the first week of January, and Motherboard writes “at least two security researchers, and likely malicious hackers, got their hands on it.”

Even worst, it appears the data was then locked by hackers who then asked for ransom to release it back to the company, as part of a large scale attack on open databases on January 12.

According to Motherboard, Spiral Toys, which appears to be in financial trouble, hasn’t disclosed the breach, nor notified the victims.

Add Comment

Your email address will not be published. Required fields are marked *