Another Smart Toy Found To Be A Major Security Threat

Posted by Rebecca Prince on December 22, 2016


Smart toys are on a lot of Christmas lists this year because they interact with children to help them learn. But just remember the "smart" in smart toys means wi-fi connectivity, which means there's an opportunity for hackers to steal your information.

The United States Senate wants you to be extra cautious if you've purchased a smart toy for your child this Christmas. The Committee on Commerce, Science, and Transportation recently released a report titled "Children’s Connected Toys: Data Security and Privacy Concerns" that details the risks these toys pose.

VTech children's phones and tablets had a service called "Kid Connect" that allowed parents and kids to exchange texts, voice messages and pictures. The company collected the parents' email addresses, mailing addresses; the child's name, birthdate, and picture; and all the content that was sent through the phone or tablet. But VTech had "outdated and inadequate security practices" so a hacker gained access to more than 6.4 million child profiles and 4.8 million parent accounts.

Fisher-Price's Smart Toy Bear can have a conversation with your child and remembers what is discussed. To use the toy, children set up a profile that includes their name, gender, date of birth, parents' email addresses and other information. A vulnerability in the web service associated with the toy means hackers can access these profiles.

An authorization flaw with KGPS's herO watch made it so that strangers could figure out where your child is. Parents use the watch and the app to track their child's location. They view this information through an online account and they can send invites to share access with other family members. Hackers had the ability to request and grant themselves permission to the account.

Moving forward, the committee recommended that toymakers build security measures into the toys, design toys that collect less personal information, and clearly state what information is being collected instead of burying it in privacy policies. They even noted that if the privacy policy is hard to understand then you should reconsider giving that toy to your child. They also want the Federal Trade Commission to monitor the issue.

There aren't too many days left until Christmas, which means you may have finished your shopping already. If you purchased any smart toys, the committee says you should keep these things in mind:

  • Be aware of what information is collected, whether or not it will be shared, and how long it's kept by the company.
  • Research whether or not the toymaker has been a victim of data breaches in the past. If so, how was it handled?
  • Change the toy's default passwords and privacy settings. Only allow the toy to collect the information necessary for the toy to run properly.

How DuGood Can Help

Although we may not be able to pick out the right toy for your kids this Christmas, DuGood does take protecting your personal information very seriously.  We offer several ID Theft Protection options for our credit and debit card holders.  Also, be sure to keep an eye on our Security Center.  We post helpful blogs and updates there, so you and your family can stay safe from scammers.

Blog contributed by Ariyanna Norman of

Topics: Security