68:
requirements on users of the service—they had previously not enforced any password complexity requirements and their documentation had suggested short, weak passwords. Numerous journalists and security researchers including Hunt noted that the company was non-responsive to disclosures from security
37:
Security researchers demonstrated that the toy itself was insecure and could be trivially accessed via
Bluetooth. The personal records of over 820,000 owners of the toy were stored in an insecure
134:
338:
57:, a database of users whose data has been compromised. The database of user records also contained links pointing to over 2.2 million audio files hosted on
279:
167:
34:
to connect to a parent's smartphone to allow distant family members to send voice messages to the toy, and allow children to send voice messages back.
109:
142:
254:
26:
manufactured by now defunct Spiral Toys that was the subject of numerous security vulnerabilities in
February 2017. The plush
205:
318:
328:
61:
containing the voice messages sent to and from the toys. Hunt stated that the database hack was "ridiculously easy".
343:
333:
323:
313:
308:
58:
54:
49:
address. Data retrieved from the CloudPets database was sent to the
Australian security researcher
83:
175:
78:
280:"Millions Of Private Messages Between Parents And Kids Hacked In Cloud Pets Security Breach"
88:
64:
Following disclosure of security vulnerabilities, CloudPets started enforcing stronger
302:
229:
27:
179:
50:
31:
65:
23:
46:
38:
206:"Stuffed toys leak millions of voice recordings from kids and parents"
110:"The Latest Privacy Nightmare For Parents: Data Leaks From Smart Toys"
42:
255:"CloudPets' data breach underlines need for secure cloud apps"
168:"CloudPets stuffed toys leak details of half a million users"
135:"Smart teddy bears involved in a contentious data breach"
41:
database. Attackers also replaced the database with a
230:"Children's messages in CloudPets data breach"
8:
69:researchers and enquiries from journalists.
91:, another Internet-connected children's toy
100:
7:
199:
197:
195:
161:
159:
339:Criticisms of software and websites
14:
16:Internet-connected soft toy line
1:
204:Larson, Selena (2017-02-27).
278:Cooper, Luke (2017-02-28).
360:
22:was an Internet-connected
166:Hern, Alex (2017-02-28).
45:demand pointing to a
319:Hacking in the 2010s
59:Amazon Web Services
53:who included it in
329:Internet of things
84:Internet of things
55:Have I Been Pwned?
344:Toy controversies
79:Computer security
30:-style toys used
351:
294:
293:
291:
290:
275:
269:
268:
266:
265:
251:
245:
244:
242:
241:
226:
220:
219:
217:
216:
201:
190:
189:
187:
186:
163:
154:
153:
151:
150:
145:on March 1, 2017
141:. Archived from
130:
124:
123:
121:
120:
105:
359:
358:
354:
353:
352:
350:
349:
348:
334:Electronic toys
299:
298:
297:
288:
286:
284:Huffington Post
277:
276:
272:
263:
261:
253:
252:
248:
239:
237:
228:
227:
223:
214:
212:
203:
202:
193:
184:
182:
165:
164:
157:
148:
146:
132:
131:
127:
118:
116:
107:
106:
102:
98:
89:My Friend Cayla
75:
17:
12:
11:
5:
357:
355:
347:
346:
341:
336:
331:
326:
321:
316:
311:
301:
300:
296:
295:
270:
259:ComputerWeekly
246:
221:
191:
155:
133:Kan, Michael.
125:
108:Mathews, Lee.
99:
97:
94:
93:
92:
86:
81:
74:
71:
15:
13:
10:
9:
6:
4:
3:
2:
356:
345:
342:
340:
337:
335:
332:
330:
327:
325:
322:
320:
317:
315:
312:
310:
307:
306:
304:
285:
281:
274:
271:
260:
256:
250:
247:
235:
231:
225:
222:
211:
207:
200:
198:
196:
192:
181:
177:
173:
169:
162:
160:
156:
144:
140:
139:Network World
136:
129:
126:
115:
111:
104:
101:
95:
90:
87:
85:
82:
80:
77:
76:
72:
70:
67:
62:
60:
56:
52:
48:
44:
40:
35:
33:
29:
25:
21:
324:Cyberattacks
287:. Retrieved
283:
273:
262:. Retrieved
258:
249:
238:. Retrieved
236:. 2017-02-28
233:
224:
213:. Retrieved
209:
183:. Retrieved
172:The Guardian
171:
147:. Retrieved
143:the original
138:
128:
117:. Retrieved
113:
103:
63:
36:
19:
18:
314:Teddy bears
309:2010s toys
303:Categories
289:2017-08-06
264:2017-08-06
240:2017-08-06
215:2017-08-06
185:2017-08-06
149:2017-08-06
119:2017-08-06
96:References
28:teddy bear
180:0261-3077
51:Troy Hunt
32:Bluetooth
20:CloudPets
234:BBC News
210:CNNMoney
73:See also
66:password
24:soft toy
47:Bitcoin
39:MongoDB
178:
114:Forbes
43:ransom
176:ISSN
305::
282:.
257:.
232:.
208:.
194:^
174:.
170:.
158:^
137:.
112:.
292:.
267:.
243:.
218:.
188:.
152:.
122:.
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.