Borderline-creepy talking toys have been around for decades, and we all remember the Teddy Ruxpin craze of the 1980s featuring the teddy bear that “talked” along with pre-recorded cassette tapes. But far creepier than a talking toy is a toy that actually records you and stores audio recordings of your voice (and the voices of your children) digitally where the recordings can be hacked into by criminals. And that is exactly what appears to have occurred with a series of toys created by CloudPets which appear to have exposed millions of recordings of adults and children on an unsecured cloud database available to anyone. This is only the latest, if not one of the most unnerving chapters, in a series of data breaches caused by the so-called “Internet of Things” (IoT).

CloudPets and The Internet of Things

CloudPets introduced its stuffed animals in 2015 which allows parents to send voice messages to a stuffed animal via a cloud server to anywhere in the world where a child (or another adult) has the CloudPet. When a message is sent, the pet lights up, and the child can retrieve the voice message. Thus, the CloudPets are connected to the internet via Wi-Fi, making them one of the billions of devices that make up the IoT.

Hackers Steal Millions of Pieces of Customer Data

Like many IoT devices, the cloud database that serves as the repository of information transmitted wirelessly to the stuffed animals was not properly secured. Hackers deleted the entire database storing users’ passwords and other personal information months ago and attempted to ransom the information from the company. The company was able to restore the information without paying the ransom, but, more importantly, the hackers continue to hold the information stolen from the databases, reportedly including:

  • 821,396 customer profiles, including emails and easily hackable passwords
  • 371,970 “friends profiles”
  • 2,182,377 voice mails

Nevertheless, CloudPets neglected to inform its customers for two months of the data breach. Experts familiar with the black market on which criminals sell sensitive personal info retrieved from data breaches confirmed that the information has recently been placed for sale.

Contact McCuneWright If You Have Been Affected By an IoT Data Breach

Data breaches from the IoT are one of the greatest risks facing consumers in the US today. Despite increased government crackdowns, manufacturers and providers who make it easy for hackers to steal data from IoT devices are the most important line of defense and should be held responsible for their failures to protect your information.

If you have been affected by an IoT data breach, the complex litigation attorneys at McCuneWright are here to help. Our legal team is on the forefront of investigating data breaches and bringing suit against responsible parties to obtain justice on behalf of consumers like you. If you have been the victim of a data breach, please contact McCuneWright, LLP today to find out your legal options.