IoT Security No Fun and Games

CloudPet IoT-connected stuffed animal exposes personal data.


We all can’t stopping talking about the Internet of Things and how connected products are going to change our lives. Well, here’s a security nightmare that might stop many in their tracks.

CloudPets, the maker of a cutesy Internet-connected stuffed animal whose claim to fame is storing and replaying heartfelt messages between kids and parents, has a security gap that exposed the personal information of more than 800,000 customers and some 2 million voice recordings (many from the kids), according to an article posted on Huffington Post.

Since Christmas Day last year, information on the CloudPets server (which includes customers’ login and password data long with the voice recordings) has been stored in an exposed database that is easily accessible to anyone trolling the Internet for a little action, the article says.

While the company hasn’t yet acknowledged the lapse in security practices, the article says an online security expert, Troy Hunt, was able to tap into the CloudPet server to retrieve such personal information as kids names and birthdays as well as names of authorized users like parents and grandparents. Also easily accessible, according to Hunt, were the actual voice messages from kids, singing songs and sharing personal information.

While Hunt admits there’s little value to hackers in the kids’ messages and acknowledges no significant data breach has occurred as of yet, he tells the Huffington Post writer that the CloudPet scenario should be a wake-up call to the importance of encryption and security best practices to all consumers thinking about bringing an IoT device into their home.

More in Networks