Cloud Pets breach

cloud_pets-crop.jpg

“Cloud Pets,” a company that makes stuffed animals that allow children to communicate with distant loved ones, has suffered a data breach. Cyber experts estimate that the connected stuffed animal manufacturer had more than 820,000 user accounts compromised. The user accounts contained sensitive information including the email addresses of the parents, passwords, child profile pictures, and over 2 million voice messages--although Cloud Pets denies that voice messages were compromised.

Announced: February 28, 2017

Description of the breach: On February 28, 2017, Spiral Toys, the parent company of Cloud Pets, notified the California Attorney General’s office that they were the subject of a data breach. Although, Cloud Pets has not published an official notification to consumers regarding the hack. Users of Cloud Pets products have had their emails, passwords, and child profile pictures compromised--a total of 820,000 accounts. Many experts also believe that 2.2 million private voice messages exchanged between kids using the devices and their parents were compromised as well.

Cloud Pets users are being urged to immediately change their account passwords. Users that have reused their Cloud Pets passwords across multiple platforms are particularly vulnerable to “fallout” hacking. These users should change the passwords of all of the accounts that share the compromised password. In addition, due to the toy’s susceptibility to outside hacking, many cyber experts are suggesting that parents consider discontinuing use of the toy all together.

Data breach period: Unknown-January 9, 2017

More coverage of this breach: Motherboard and CNN