Spiral Toys has found itself in a controversy after bringing on a privacy nightmare for parents and their children. The California-based toy company that sells “a message you can hug” reportedly exposed more than two million voice messages from its users to online hackers.
Specializing in toys connected through the Internet, Spiral Toys released its CloudPets stuffed animals- the company’s attempt to take on the latest trend in the toy industry. The “Talking Puppy” and similar products have now taken kids’ imaginations to the next level by allowing them to connect with their family members through the internet and enable them to have an exchange of recorded messages.
The promotional video for these stuffed animals shows a father going on a trip and using the CloudPets app to send an “I miss you” message to his daughter through the toy. The girl can simply squeeze the toy to record her own message as a reply to her father.
Spiral Toys was allegedly informed several times that customer data was being made available online and that anyone could easily have access to it. However, the data was up for a week with proof suggesting that it had been grabbed more than once.
In a report by Motherboard, hackers were able to access and steal customer emails and passwords from a CloudPets database in January. CloudPets does not ask for password strength requirements from its users. According to security expert Troy Hunt, due to this lax process, hackers could have easily guessed multiple passwords and gained access to full accounts of customers.
The CloudPets privacy scare is only the latest of controversies surrounding Internet-connected toys. In December, a complaint was filed at the Federal Trade Commission concerning a doll called “My Friend Cayla.” The doll company was sued for recording children’s conversations and saving them to a server to be used for product testing. The doll caused much panic in Germany that the administration asked parents to destroy and do away with the toy.