Stuffed cloudpets vulnerable to hacking, few retailers stop selling

Who would have thought hacking is a constraint to only accounts, banks and emails. Today, stuffed pets are being hacked and used for criminal activity. According to reports, around 800,000 accounts relating to the soft toys were recently hacked with data leaked on the internet.

Some of the nation’s largest retailers, including Amazon, Walmart and eBay, stopped selling a stuffed children’s toy this week because of concerns the devices could be easily hacked.

A study conducted by researchers found that cloudpets are hackable with many having already been hacked. Some of these toys work on Bluetooth technology and others on WiFi technology, which renders them vulnerable to being used as a listening device if exploited. Security researchers demonstrated the Bluetooth-enabled devices could be hijacked and turned into a listening device.

An audit was conducted by Mozilla Firefox that highlights that these vulnerabilities are still being widely exploited. Based on this and many other sources, popular retailers have ceased in selling stuffed cloudpets that work on Bluetooth and WiFi.

A bunch of retailers, including Amazon, Target, and Walmart, pulled their listings for a line of smartphone-connected stuffed animals called CloudPets this week after they were found to be storing kids’ voice recordings online without any security measures, among other issues. The news offers them good optics, but the reality is that this security revelation came about in February 2017: it took the massive retailers over a year to remove the stuffed animals, during which time they likely sold at least some of their inventory.

The toy’s removal only happened after the Electronic Frontier Foundation wrote a letter this week to Walmart, Target, and Amazon requesting that the CloudPet listings be taken down. The organization writes that it also urges the stores to “consider putting in place new or improved systems to ensure that products you stock, especially those that collect the information of children, have basic practices in place to respect the trust that consumers place in them.”