Creepy teddy bear caught leaking kids’ private conversations online
03/01/2017 // Thomas Dishaw // Views

Spiral Toys, the manufacturer of the SmartToy line CloudPets, left more than 800,000 customer credentials, as well as two million message recordings, totally exposed online for anyone to see and listen to. Some hackers went so far as to lock accounts and hold them for ransom.

The internet-connected Teddy Bear allows kids to communicate with far away friends and relatives without having to give them their own phone, though parents do have to download the CloudPets App to a phone or tablet to connect the bear. Messages can be sent and received from anywhere in the world. Unfortunately, the database used by Spiral Toys wasn’t behind a firewall or password protected, which made it easy to find using Shodan, a search engine that exposes unprotected websites and servers to hackers. The attack occurred between Christmas of last year and at least until the first week of January, and according to Motherboard at least two security researchers and likely malicious hackers were able to get into the system. In fact, at the beginning of January, CloudPets’ data was overwritten twice, according to researchers. (RELATED: Get all the news the media is trying to hide form you at

Those able to hack the system can now access more than 800,000 emails and passwords. Troy Hunt, a security researcher that analyzed the CloudsPets data, says a majority of the passwords were very weak and easy to crack. To make matters worse, Spiral Toys has yet to notify victims or disclose the breach even though it has been nearly two months since it happened. Jason Pagel, a student in a workshop that Hunt taught last week, and a father to a 6-year-old girl, found out about the breach through Hunt. "My bigger concern is that someone may be able to use this information to send inappropriate messages to my 6-year-old daughter," Pagel told Motherboard via email. "[My parents] certainly won't be sending any more messages to their granddaughter through this. And while I doubt we will throw the toy away, it's effectively been reduced to a way-overpriced stuffed animal.”


This breach mirrors the concerns that caused Germany not only to ban but destroy the SmartToy “My Friend Cayla” after regulators decided that the doll posed a significant threat to the privacy of its citizens. Aside from it being exposed that the information Cayla records is sent to a company that makes voice recognition software, this toys software can be easily hacked as well. Security researcher Ken Munro from Pen Test Partners has identified some vital flaws in the software. By his account, Ken, or any hacker for that matter, can get into Cayla’s system to modify commands as well as change vocabulary. And just like CloudPets, Cayla also operates via a Bluetooth system which means strangers could potentially connect with both toys and communicate with your child.

The Consumer Privacy Project, a Washington nonprofit that advocates for consumer privacy, as well as many other privacy groups, have filed a complaint with the Federal Trade Commission about Cayla and other SmartToys. Ideally, they’d like to see the toys taken off the shelves in the United States, as they have been in Germany and some other European countries.


Related Topics

Take Action:
Support Natural News by linking to this article from your website.
Permalink to this article:
Embed article link:
Reprinting this article:
Non-commercial use is permitted with credit to (including a clickable link).
Please contact us for more information.
Free Email Alerts
Get independent news alerts on natural cures, food lab tests, cannabis medicine, science, robotics, drones, privacy and more.
App Store
Android App
eTrust Pro Certified

This site is part of the Natural News Network © 2022 All Rights Reserved. Privacy | Terms All content posted on this site is commentary or opinion and is protected under Free Speech. Truth Publishing International, LTD. is not responsible for content written by contributing authors. The information on this site is provided for educational and entertainment purposes only. It is not intended as a substitute for professional advice of any kind. Truth Publishing assumes no responsibility for the use or misuse of this material. Your use of this website indicates your agreement to these terms and those published here. All trademarks, registered trademarks and servicemarks mentioned on this site are the property of their respective owners.

This site uses cookies
Natural News uses cookies to improve your experience on our site. By using this site, you agree to our privacy policy.
Learn More
Get 100% real, uncensored news delivered straight to your inbox
You can unsubscribe at any time. Your email privacy is completely protected.