NCSA's Response to CloudPets Breach

Feb 28, 2017 12:32pm

On Feb. 28, families around the nation woke up to find out that CloudPets toys had been hacked and more than 800,000 user accounts and 2 million voice recordings – mostly of children and family members – were exposed in a major data breach.  

“As connected toys, appliances and cars are increasingly incorporated into our daily digital lives, the CloudPets breach illustrates that we all should pay close attention to what data is collected, particularly when our kids are involved,” said Michael Kaiser, executive director of the National Cyber Security Alliance (NCSA). “Additionally, it is a sobering reminder of the need to be especially vigilant in establishing strong credentials and authentication on such devices that we normally wouldn’t associate with security risks. While many new, digitally enhanced toys offer the promise of unique user experiences, they are subject to the same risks of any digital device and require the same security and privacy design vigilance as they make their way into the marketplace.” 

The Internet of Things (IoT) and rapidly advancing technology are making our lives easier and unlocking potential for the future, but it’s important to remember to STOP. THINK. CONNECT.™ Consumers should demand clear communications on how their data is collected and insist that companies make privacy and security a top priority.

NCSA recommends following these tips to enjoy the countless benefits of cutting-edge tech and connected toys with more peace of mind:

  • Learn how to maintain the cybersecurity of your IoT devices: Protecting smart devices like wearables, toys and connected appliances might be different than securing your computer or smartphone. Research the process for keeping IoT devices secure before you purchase them, make sure that you know how your data is being used on new connected devices and take extra measures (like assigning new passwords) to safeguard your devices over time. 
  • Own your online presence: Understand what information your devices collect and how it’s managed and stored. 
  • Lock down your login: Fortify your online accounts by enabling the strongest authentication tools available, such as biometrics, security keys or a unique one-time code through an app on your mobile device. Your usernames and passwords are not enough to protect key accounts like email, banking and social media.
  • Pay attention to the Wi-Fi router in your home: Use a strong password to protect the device, keep it up to date and name it in a way that won’t let people know it’s in your house.
  • Research before purchasing: Check the cybersecurity history of devices before purchasing to see if there have been any previous security or privacy issues and if they have been resolved. 

The NCSA infographic below illustrates the growing presence of connected devices in the home while providing useful tips for consumers.

About the National Cyber Security Alliance

The National Cyber Security Alliance (NCSA) is the nation's leading nonprofit, public-private partnership promoting cybersecurity and privacy education and awareness. NCSA works with the U.S. Department of Homeland Security (DHS) and NCSA's Board of Directors, which includes representatives from ADP; AT&T Services, Inc.; Bank of America; Barclays; BlackBerry Corporation; CDK Global, LLC; Cisco; Comcast Corporation; ESET North America; Facebook; Google; Intel Corporation; LifeLock, Inc, Logical Operations; Mastercard; Microsoft Corp.; NXP Semiconductors; PayPal; PKWARE; Raytheon; RSA, the Security Division of EMC; Salesforce; SANS Institute; Symantec and Visa Inc. NCSA’s core efforts include National Cyber Security Awareness Month (October); Data Privacy Day (January 28) and STOP. THINK. CONNECT.™, the global online safety awareness and education campaign cofounded by NCSA and the Anti-Phishing Working Group, with federal government leadership from DHS. For more information on NCSA, please visit