Menu
US senator probes into CloudPets smart toy hack

US senator probes into CloudPets smart toy hack

The data breach was said to affect over 800,000 user accounts

A U.S. senator is probing reports of a breach of data from smart toys from Spiral Toys, writing to the company’s CEO a letter with ten questions about the issue, including about the company’s security practices.

Bill Nelson, a Florida Democrat, wrote in a letter Tuesday to CEO Mark Meyers that the breach raises serious questions concerning how well the company protects the information it collects, particularly from children.

Nelson also said that the incident raises questions about the vendor's compliance with the Children’s Online Privacy Protection Act that requires covered companies to have reasonable procedures to protect the confidentiality, security and integrity of personal information collected from children.

The letter from Nelson was shared on Twitter by security researcher Troy Hunt, who exposed the breach in a blog post on Feb. 28.

The toys, sold under the CloudPets brand, allow parents and their children to send voice messages over the internet. Hunt found evidence that hackers had looted the unsecured MongoDB database that stored the toys' customer login information. Although the passwords were hashed, there wasn’t a stiff requirement of password strength from the vendor, and the passwords could be potentially hacked and the voice recordings accessed.

Meyers has said that the breach came to his notice only on Feb 22, although another researcher, Victor Gevers, claims to have contacted the toy maker about the issue in late December. The company has claimed that no recordings were stolen. Nelson, who is a ranking member of the Senate's Committee on Commerce, Science and Transportation, has asked Meyers to respond no later than March 23.


Follow Us

Join the newsletter!

Error: Please check your email address.

Featured

Slideshows

Sizing up the NZ security spectrum - Where's the channel sweet spot?

Sizing up the NZ security spectrum - Where's the channel sweet spot?

From new extortion schemes, outside threats and rising cyber attacks, the art of securing the enterprise has seldom been so complex or challenging. With distance no longer a viable defence, Kiwi businesses are fighting to stay ahead of the security curve. In total, 28 per cent of local businesses faced a cyber attack last year, with the number in New Zealand set to rise in 2017. Yet amidst the sensationalism, media headlines and ongoing high profile breaches, confusion floods the channel, as partners seek strategic methods to combat rising sophistication from attackers. In sizing up the security spectrum, this Reseller News roundtable - in association with F5 Networks, Kaspersky Lab, Tech Data, Sophos and SonicWall - assessed where the channel sweet spot is within the New Zealand channel. Photos by Maria Stefina.

Sizing up the NZ security spectrum - Where's the channel sweet spot?
Show Comments