Skip to main content

Exposed Database For CloudPet Toys Included Information And Voice Recordings

By March 16, 2017March 1st, 2023Cybersecurity

Unless you have kids, you may not have even known about CloudPets, or the MongoDB, much less the recent hack or the shocking lack of security.

Firstly, yes. Smartpets are a “thing.” They are a new type of stuffed toy for small children connected to the internet. Parents and grandparents can record messages for their kids and upload them, and the children can play them back via their stuffed toy.

Unfortunately, the security surrounding the database wasn’t just bad, it was completely nonexistent. It wasn’t password protected at all, which allowed an unknown number of hackers to download it in its entirety. This amounted to more than 821,000 voice recordings, and the personal account info of all the users being stolen.

Worse, on at least three separate occasions, the database was deleted, and a ransom note text file left in its place, so it’s not as though the company didn’t know that something was amiss. Their response to the repeated hacks and deletions?


In fact, the CEO of Spinal Toys, who makes CloudPets, complained that more was being made of the issue than was necessary, and downplayed its significance. No corrective actions were taken, and the unprotected database was vulnerable from at least December 2016 to January 2017 when it was finally taken offline with no comment.

This is a textbook case of how not to handle a breach, and the company faces an uncertain future.

A breach, regardless of its size and severity, is a very big deal, and should be treated as such. Not only does it put your own propriety data at risk, but it can also lead to identity theft of your customers, to say nothing of the loss of trust which can take years to earn back.

This incident should be studied by every small or medium-sized business owner and should serve as a warning about the importance of digital security and its proper handling.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.