Victor Thomson Tech 03.01.2017 03:Mar AM EST

Smart Toys Involve In Latest Privacy Scandal

According to digital security experts, recorded messages spoken to smart toys could pose privacy risks for children. In the latest online privacy scandal, a security vulnerability allowed anyone to access recordings, photos and personal information of children using CloudPets toys.

Latest Privacy Scandal Involves Smart Toys

According to CNN Tech, security researcher Troy Hunt discovered that over 820,000 CloudPets user accounts were exposed, including 2.2 million voice recordings. The toys connect to mobile apps and allow parents to send messages played through the stuffed animals to their children. CloudPets accounts contain an email address, child's name, and a photo.

CloudPets stores all that data in the cloud, like other toys that connect to the internet. The toys were launched back in 2015 and include stuffed cats, dogs, bears, and rabbits. The insecure database that store kids' information didn't require authentication to access it and any small mistake can expose this data.

Previous Privacy Concerns Involving Smart Toys

According to Forbes, this latest online privacy scandal came just after a week ago when the German government banned another Internet-connected toy called My Friend Cayla. The doll raised concerns that it did not offer sufficient privacy protection and hackers could easily use it to spy on children. However, in the case of the CloudPets, all it takes is an improperly-configured database, the toys don't even need to be hacked in order to cause a privacy breach.

Leaked Passwords To CloudPets Accounts Still Active

According to Hunt, in fact, that's exactly what happened. The data is no longer publicly accessible, but the passwords are still active and CloudPets has not informed users of the leak, which could be a violation of the law. The maker of CloudPets, Spiral Toys, is based in California, where the government requires companies to notify consumers in case that their information was exposed online.

Spiral Toys said no messages or images were compromised. However, if they reuse the CloudPets password anywhere else, Hunt recommends parents to change their passwords. In fact, users should never reuse their passwords for more accounts, according to security experts.