It’s been a bad day for the internet, not to mention the general concept that allowing electronic connections into our lives might be anything less than the recipe for a dystopic hellscape. Earlier today, various “smart” houses reportedly got unpleasantly dumb thanks to outages with Amazon’s servers, and now reports are coming that not even our adorable, plushy toys are safe.
In a news story that would make for a pretty great metaphor, if it weren’t a thing that was actually happening, The Guardian reports that certain web-connected teddy bears and other fluffy stuffed animals are rife with security flaws that can be exploited by hackers. Specifically, it’s been alleged that Bluetooth-enabled plush creators CloudPets—whose stuffed animals contain speakers that allow parents to upload messages for their kids from the web—has been subject to numerous data breaches, with as many as 500,000 records apparently grabbed. It’s not clear if any of the audio recordings have made it into the hands of hackers as well; the devices are password protected, but CloudPets doesn’t enforce much in the way of password strength requirements, meaning it wouldn’t be hard to get in for any number of poorly protected pets. A spokesman for the company denied that any audio messages had been stolen, but didn’t deny that records had been accessed.