If you own a stuffed animal from Cloud Pets, you need to change your password to the product. The toys — which can receive and send voice messages from children and parents — have been involved in a data breach dealing with more than 800,000 user accounts.
The breach, which grabbed headlines on Monday, is drawing concerns from security researchers because it may have given hackers access to voice recordings from the toy’s customers. However, the company behind the products, Spiral Toys, is denying that any customers were hacked.
Hackers appear to have accessed an exposed CloudPets’ database, which contained email addresses and hashed passwords, and they even sought to ransom the information back in January.
CloudPets, the brand allegedly made the mistake of storing the customer information in a publicly exposed online MongoDB database that required no authentication to access. That allowed anyone, including hackers, to view and steal the data.