An AI Toy Exposed 50,000 Logs of Its Chats With Kids to Anyone With a Gmail Account (www.wired.com)

A significant data breach involving the AI-enabled toy "Bondu" has exposed over 50,000 chat logs between children and the toy, accessible to anyone with a Gmail account. Security researchers Joseph Thacker and Joel Margolis uncovered this vulnerability while investigating the toy's web portal, revealing that sensitive information such as children's names, preferences, and detailed conversation transcripts were publicly accessible without any form of authentication. Bondu promptly rectified the issue after being alerted, but the incident raises serious concerns about the privacy and security of data collected by AI toys, especially regarding how such sensitive information could be misused. The situation highlights the broader implications of data protection in AI toys, emphasizing the need for robust security measures in managing children's data. Thacker and Margolis warn that the exposed information could be exploited for malicious purposes, including potential child endangerment. Despite Bondu's claims of employing safety checks and using third-party AI services for responses, the incident calls into question the effectiveness of these safeguards. As AI-enabled toys become more prevalent, this breach illustrates the urgent need for stricter data privacy protections and accountability within the industry.