Why are so many toys vulnerable to hacking?
See the original posting on The Verge
I keep hoping weve reached peak vulnerable gadgets, only to hear about another unsecured device. Toys in particular continue being exposed as privacy and security nightmares that anyone with a slight desire to investigate can uncover. This week in toy privacy nightmares, a company called Spiral Toys was found to have exposed 800,000 user account credentials online, as well as 2 million voice message recordings.
The companys CloudPets line, which includes internet-connected teddy bears, stored user credentials in a database that wasnt secured by a password or behind a firewall. Security researchers discovered the MongoDB through Shodan, a search engine for finding vulnerable websites and servers. Their work was independently verified…