5 On Your Side

Internet-connected toys can expose children's privacy, identities

Posted 7:20 a.m. Thursday

A child just playing with a toy usually isn't a problem, but some new toys could give hackers a path to target your kids.

Some new toys are part of the internet of things, which include all those devices we have that are connected online. Like other internet-connected devices, hackers can use the toys to access you and your children's personal information.

Like a teddy bear that comes with a Bluetooth connection, many young children play with toys that connect to the internet. Parents and children can record and send messages to each other through an app associated with the toy.

Earlier this year, a security researcher warned the toy's maker, Spiral Toys, that its servers weren't adequately protected, making user emails and passwords vulnerable to hackers.

"Exposing personal data could put you at risk for identity theft or even credit card fraud down the road, and the worst case scenario, though very remote, is that that information could be used in a child abduction," said Consumer Reports Cyber Security Editor Bree Fowler.

And there are some very real instances of children's privacy being compromised.

Two years ago, a hacker attacked toy maker V-Tech, exposing profiles of more than 6 million children, including names, genders and birth dates. The hack also exposed even more detailed profiles of about 5 million adults.

The Federal Trade Commission recently announced it's reviewing privacy and security complaints of two internet-connected toys—the i-Que Robot and My Friend Cayla. The doll is banned in Germany.

Consumer Reports says examples like these should serve as a wake-up call to families: either play it safe and enter fake names and birthdays or skip buying these toys altogether.

Spiral Toys told Consumer Reports they did not find evidence their data was breached but still took action to protect customer privacy.

V-Tech says the company took immediate action after their data was compromised and vows customers can now manage their accounts securely but should change their passwords.

There are similar concerns about everything from internet-connected baby monitors to virtual assistants.

1 Comment

Please with your WRAL.com account to comment on this story. You also will need a Facebook account to comment.

Oldest First
View all
  • John Smith May 18, 8:13 a.m.
    user avatar

    Yeah, a sixth grader from Austin, Tx. Blew the socks off of "security experts" at a conference in the Netherlands on Tuesday. I believe he was able to use one of the senior security officials personal device as a gateway. Gives you warm fuzzy feelings that the "experts" got schooled by an 11 year old, huh?