If You Own A CloudPets Stuffed Animal, You Should Know About This Security Breach

Important security news for anyone who owns a CloudPets toy.

CloudPets, made by California-based Spiral Toys, is a popular line of stuffed animals that allow people to record and play back messages for a child. For example, a solider stationed overseas could use the CloudPets app to sing a lullaby or record a story for a little boy back at home in America, which the boy can then access by pushing his stuffed animal’s paw.

Sweet idea, right?

Well, while it may sound neat, cyber-tech experts caution parents that CloudPets toys could pose a security risk. CNN reports that CloudPets has been storing recorded-voice information (millions and millions of messages) on a poorly secured database.

This database was recently infiltrated by hackers, and they stole all of the information. According to security researcher Troy Hunt, over 820,000 user accounts were exposed… including 2.2 million voice recordings.

CloudPets denies that voice data was breached, and the company did not inform users of this breach, which cyber-security experts believe to be a breach of the law. Companies are required to inform their customers if a data breach may have exposed their personal data, however, CloudPets made no such measures, and they continue to maintain that the hack did not impact customers’ privacy.

So what should you do now, while the who’s and what’s are sorted out?

Well, if you own a CloudPets device, the first thing you should do is immediately change your password for the app. If you use the same password on CloudPets that you do on other applications (such as your email password or your Facebook password), you should change all of these immediately as well.

You may want to consider turning off the toy as well, at least until the company is able to demonstrate that they are making serious changes to their cyber-security. Security expert Troy Hunt also advises that CloudPets owners consider reaching out to their local regulators and making a complaint, as he believes that the company has more than mismanaged this data breach.

Go to the U.S. Department of Justice to discover the appropriate official to whom you can report computer hacking, fraud and other internet-related crime.

Read more about how to make sure your devices aren’t spying on you.