Profile image
Story Views

Last Hour:
Last 24 Hours:

Creepy teddy bear caught leaking kids’ private conversations online

Thursday, March 2, 2017 9:41
% of readers think this story is Fact. Add your two cents.

(Before It's News)

(Natural News) Spiral Toys, the manufacturer of the SmartToy line CloudPets, left more than 800,000 customer credentials, as well as two million message recordings, totally exposed online for anyone to see and listen to. Some hackers went so far as to lock accounts and hold them for ransom.

The internet-connected Teddy Bear allows kids to communicate with far away friends and relatives without having to give them their own phone, though parents do have to download the CloudPets App to a phone or tablet to connect the bear. Messages can be sent and received from anywhere in the world. Unfortunately, the database used by Spiral Toys wasn’t behind a firewall or password protected, which made it easy to find using Shodan, a search engine that exposes unprotected websites and servers to hackers. The attack occurred between Christmas of last year and at least until the first week of January, and according to Motherboard at least two security researchers and likely malicious hackers were able to get into the system. In fact, at the beginning of January, CloudPets’ data was overwritten twice, according to researchers. (RELATED: Get all the news the media is trying to hide form you at

Those able to hack the system can now access more than 800,000 emails and passwords. Troy Hunt, a security researcher that analyzed the CloudsPets data, says a majority of the passwords were very weak and easy to crack. To make matters worse, Spiral Toys has yet to notify victims or disclose the breach even though it has been nearly two months since it happened. Jason Pagel, a student in a workshop that Hunt taught last week, and a father to a 6-year-old girl, found out about the breach through Hunt. “My bigger concern is that someone may be able to use this information to send inappropriate messages to my 6-year-old daughter,” Pagel told Motherboard via email. “[My parents] certainly won’t be sending any more messages to their granddaughter through this. And while I doubt we will throw the toy away, it’s effectively been reduced to a way-overpriced stuffed animal.”

This breach mirrors the concerns that caused Germany not only to ban but destroy the SmartToy “My Friend Cayla” after regulators decided that the doll posed a significant threat to the privacy of its citizens. Aside from it being exposed that the information Cayla records is sent to a company that makes voice recognition software, this toys software can be easily hacked as well. Security researcher Ken Munro from Pen Test Partners has identified some vital flaws in the software. By his account, Ken, or any hacker for that matter, can get into Cayla’s system to modify commands as well as change vocabulary. And just like CloudPets, Cayla also operates via a Bluetooth system which means strangers could potentially connect with both toys and communicate with your child.

The Consumer Privacy Project, a Washington nonprofit that advocates for consumer privacy, as well as many other privacy groups, have filed a complaint with the Federal Trade Commission about Cayla and other SmartToys. Ideally, they’d like to see the toys taken off the shelves in the United States, as they have been in Germany and some other European countries.

Credit to


Report abuse


Your Comments
Question   Razz  Sad   Evil  Exclaim  Smile  Redface  Biggrin  Surprised  Eek   Confused   Cool  LOL   Mad   Twisted  Rolleyes   Wink  Idea  Arrow  Neutral  Cry   Mr. Green

Top Stories
Recent Stories



Email this story
Email this story

If you really want to ban this commenter, please write down the reason:

If you really want to disable all recommended stories, click on OK button. After that, you will be redirect to your options page.