IoT Security No Fun and Games

CloudPet IoT-connected stuffed animal exposes personal data.

We all can’t stopping talking about the Internet of Things and how connected products are going to change our lives. Well, here’s a security nightmare that might stop many in their tracks.

CloudPets, the maker of a cutesy Internet-connected stuffed animal whose claim to fame is storing and replaying heartfelt messages between kids and parents, has a security gap that exposed the personal information of more than 800,000 customers and some 2 million voice recordings (many from the kids), according to an article posted on Huffington Post.

Since Christmas Day last year, information on the CloudPets server (which includes customers’ login and password data long with the voice recordings) has been stored in an exposed database that is easily accessible to anyone trolling the Internet for a little action, the article says.

While the company hasn’t yet acknowledged the lapse in security practices, the article says an online security expert, Troy Hunt, was able to tap into the CloudPet server to retrieve such personal information as kids names and birthdays as well as names of authorized users like parents and grandparents. Also easily accessible, according to Hunt, were the actual voice messages from kids, singing songs and sharing personal information.

While Hunt admits there’s little value to hackers in the kids’ messages and acknowledges no significant data breach has occurred as of yet, he tells the Huffington Post writer that the CloudPet scenario should be a wake-up call to the importance of encryption and security best practices to all consumers thinking about bringing an IoT device into their home.

About the Author

Beth Stackpole, contributing writer | Contributing Editor, Automation World

Beth Stackpole is a veteran journalist covering the intersection of business and technology, from the early days of personal computing to the modern era of digital transformation. As a contributing editor to Automation World, Beth's coverage traverses a range of industries and technologies, including AI/machine learning, analytics, automation hardware and software, cloud, security, edge computing, and supply chain. In addition to her high-tech and business journalism work, Beth writes an array of custom editorial content and thought leadership pieces.

Sponsored Recommendations

Rock Quarry Implements Ignition to Improve Visibility, Safety & Decision-Making

George Reed, with the help of Factory Technologies, was looking to further automate the processes at its quarries and make Ignition an organization-wide standard.

Water Infrastructure Company Replaces Point-To-Point VPN With MQTT

Goodnight Midstream chose Ignition because it could fulfill several requirements: data mining and business intelligence work on the system backend; powerful Linux-based edge deployments...

The Purdue Model And Ignition

In the automation world, the Purdue Model (also known as the Purdue reference model, Purdue network model, ISA 95, or the Automation Pyramid) is a well-known architectural framework...

Creating A Digital Transformation Roadmap Using A Unified Namespace

Digital Transformation has become one of the most popular buzzwords in the automation industry, often used to describe any digital improvements to industrial technology. But what...