AGOURA HILLS, Calif.—Are member accounts now at risk from teddy bears? Yes, as hackers are now attacking kids Internet-connected toys.
A major internet connected children's toy has leaked the collected voices, email addresses and passwords of more than two-million children and parents, according to Komando.com, which added the manufacturer was hoping that no one would find out.
The hacker’s target is a teddy bear made by Spiral Toys. The impacted toys are a part of the company's CloudPets line. The company has known about the data breach for two months but as of last week had yet to notify any of the affected families, reported Komando.com.
“According to security researcher Troy Hunt, a Spiral Toys' database that was not being protected by a password or firewall was breached by hackers. The database was stolen by cybercriminals and they are now holding it hostage, demanding Spiral Toys pay a ransom to get it back. If the ransom is not paid, the hackers could sell the stolen data on the Dark Web,” Komando.com stated.
There were actually two separate breaches involved in this incident. The first database that was breached stored over two million voice messages recorded by the smart toys. Private conversations from families and recordings of children alone playing with the toy were all taken. In the second breach, Spiral Toys leaked users' details of 800,000 accounts. The stolen data included both email addresses and passwords, Komando.com reported.