The brand, called CloudPets, was found last year to have been storing millions of owners’ voice recordings online, BBC reports.
CloudPets is a line of soft animal toys with an inbuilt microphone and speaker that lets children record messages and listen to those of friends and family. The recordings can then be stored online via Bluetooth.
In February 2017, security researcher Troy Hunt discovered that the recordings were being retrieved by unauthorized users and held for ransom.
London-based Context Information Security also found that hackers could use the toys to spy on owners, as long as they were within Bluetooth range.
Research commissioned by the non-profit Mozilla Foundation, the developer of the Firefox browser, subsequently identified further vulnerabilities.
Manufacturer Spiral Toys claimed that it took “swift action” in response to the warnings, researchers said they had contacted the company several times before any action was taken.
“It seems that refusing to sell products that threaten customers’ security and privacy is the only way to make designers and manufacturers of these products care about these risks,” Angela Sasse, a professor of human-centered technology at University College London, told the BBC.
In 2015, a cyberattack on the Hong Kong-based children’s toy manufacturer VTech compromised the personal data of five million parents and children.