Cuddly toy firm CloudPets publishes tens of thousands of recordings of children’s voices online
Parents unaware that messages recorded on 'smart toys' are stored in an online database
HACKERS may have harvested tens of thousands of voice recordings of young British children after a "smart" toys manufacturer posted their details online.
CloudPets have published more than two million of their customers' email addresses and passwords in an online database, security researchers have said.
The researchers said that roughly 28,000 of those details would have been from the UK,
Troy Hunt, a web security researcher, said the number of affected UK parents stretches into the "many tens of thousands" when British customers with non-location emails are taken into account.
CloudPets make cuddly toys marketed as a "message you can hug" - allowing parents and children to record voice messages which are played when a button is pressed.
The stuffed toys are paired up with a mobile app.
Many parents are unaware these private audio files are also stored in an online database.
related stories
Security researchers have found that user details for 820,000 of the toys could be accessed in a public database without a password.
They also discovered that when passwords were in place they were easily guessable - such as "12345" or "password".
The concerns come after it emerged a similar toy on sale could be hacked so that children and parents could be spied on.
A watchdog in Germany urged parents to destroy the My Friend Cayla doll which uses Bluetooth to have "conversations" with children.
The toy is able to ask children up to 3,000 questions.
Security experts are advising parents not to buy "smart" toys unless they are willing for their personal information to be shared on a public platform.
, the manufacturer of CloudPets, said the hackers would only have been able to access recordings where they managed to guess passwords.
They also said there was no evidence any accounts had been breached.
The firm added that it had upgraded its security and was planning a password reset for its users.
No publicly accessible databases belonging to the company have been online since mid-January.
The Sun has contacted Spiral Toys for further comment.
Last month it was reported that Microsoft internet apps have a "high level" bug that allows attackers to hijack victim's browsers.
Holidaymakers were warned hackers could ruin millions of people's summers by targeting airlines.