Amazon announced yesterday that it’s pulling CloudPets from its online store after new security flaws were discovered that leave the smart toys vulnerable to hackers. Made by Spiral Toys, the cuddly stuffed animals include built-in microphones and speakers that kids can use to upload and share recordings online with family and friends. They connect to the internet via Bluetooth, which is reportedly how security experts have been able to access the dolls. Both Walmart and Target stopped selling the toys last week, but Amazon didn’t move to pull CloudPets until Mozilla provided the company with research about how CloudPets can be used to spy on children.
“In a world where data leaks are becoming more routine and products like CloudPets still sit on store shelves, I’m increasingly worried about my kids’ privacy and security,” Ashley Boyd, Mozilla’s vice president of advocacy, announced in a statement.
This is not the first time that CloudPets have been accused of low-quality cybersecurity. Last year, it was revealed that the recordings of millions of the toys’ users were being stored online virtually unprotected. Hackers easily accessed CloudPets’ online database and stole the emails, passwords, and voice recordings of nearly 800,000 users.
Spiral Toys implemented stronger password protocols to improve safety and assured users that its products were safe, but it clearly wasn’t enough. And in light of the latest vulnerabilities, major retailers simply couldn’t leave CloudPets on their shelves.