The company behind a new line of “smart” teddy bears is under fire after allowing data from children to be held for ransom.
Spiral Toys created their CloudPets line in order to help parents and kids stay in contact despite being far away from each other. The way the toy works is one user will record a message, the message is uploaded to the cloud, and then the message is downloaded and played on the stuffed animal. If you want to read the more specific ins and outs of how it works, this Motherboard article goes very in depth.
For almost a month, Spiral Toys stored customer data on an unsecured server. This made it easy for hackers to gain access to the data of over 800,000 users. The data was actually held for ransom in a widespread incident back in January.
Victor Gevers, head of a non-profit group that warns companies of breaches like this, says Spiral Toys has not addressed the issue and has not responded to his many attempts to contact them. “I have been trying to reach through email, Linkedin, Zendesk, Twitter,” he told Motherboard. “I even tried to reach the people via the private email. Never got a response.” He also said that the way they’ve handled this shows that they “should not be in this industry” or in any way be “responsible for such data.”
Jason Pagel, a parent who bought the toy so his daughter could keep in contact with her grandparents, said that his biggest concern is that someone “may be able to use this information to send inappropriate messages to my 6 year old daughter”. He also said that his parents “certainly won’t be sending any more messages to their granddaughter through this.”
Spiral Toys has still not addressed the issue, and it is likely that many users don’t know that their data is out there in the open.
