Why are so many toys vulnerable to hacking?

See the original posting on The Verge

I keep hoping we’ve reached peak vulnerable gadgets, only to hear about another unsecured device. Toys in particular continue being exposed as privacy and security nightmares that anyone with a slight desire to investigate can uncover. This week in toy privacy nightmares, a company called Spiral Toys was found to have exposed 800,000 user account credentials online, as well as 2 million voice message recordings.

The company’s CloudPets line, which includes internet-connected teddy bears, stored user credentials in a database that wasn’t secured by a password or behind a firewall. Security researchers discovered the MongoDB through Shodan, a search engine for finding vulnerable websites and servers. Their work was independently verified…

Continue reading…