AI Toy Exposes 50,000 Kids' Private Chats
30 Jan
Summary
- Over 50,000 children's chat transcripts were accessible.
- Personal data included names, birth dates, and family details.
- A security flaw allowed access with a simple Google login.

Earlier this month, security researchers Joseph Thacker and Joel Margolis discovered a critical data vulnerability in the Bondu AI chat toy. The toy's web portal, designed for parents to monitor interactions, was unsecured, allowing access to approximately 50,000 children's chat transcripts and personal data, including names and birth dates, merely by logging in with a Google account.
Bondu's CEO stated that security fixes were implemented within hours and a broader review was conducted. While the company found no evidence of access beyond the researchers, the incident has raised alarms about the security of sensitive child data stored by AI toy companies. The researchers emphasize that such accessible data poses risks for manipulation and abuse.
This breach also brings to light concerns about AI toy companies potentially sharing user data with third-party AI service providers, like Google's Gemini and OpenAI's GPT, even with contractual protections. Furthermore, researchers speculate that the insecure portal itself might have been developed using generative AI tools, which can introduce security flaws.




