A cuddly soft toy that can play personal messages to a child recorded by family members – sounds like a great idea right? Maybe it was, until it became just another database hit by a data breach.  

Spiral Toys, the owner of Cloudpets, a stuffed toy animal that can play messages recorded via an app, has had its database with over two million voice messages leaked online. Further, a database containing 800,000 unsecured voice messages was held ransom, with hackers demanding Bitcoin to restore deleted data. Fault appears to lie with Spiral Toys, who did not take adequate steps to secure the personal data. 

Unfortunately once information has been leaked, there is often little to no action that can be taken. Spiral Toys released a statement stating it “took immediate and swift action” by carrying out “an internal investigation and immediately invalidat[ing] all current customer passwords to ensure that no information could be accessed”. While it denies that there is any breach as the leaked data was password encrypted, many of those passwords have been found to be poorly created, with “Cloudpets” a common choice. 

So, like many other data breaches, this stands as just another warning to be vigilant about what personal data you create and provide to third parties. If you have the option to take personal steps to safeguard the information, for example via password, make sure you do so and take care to choose something that won’t be easy to crack.