Whoops: ‘AI’ Toy Company Leaks Chat Logs, Personal Data Of 50,000 Toddlers
My biggest complaints with AI tend to be with the human beings who are rushing large language models into mass adoption without doing their basic due diligence. Like AI toy maker Bondu, the creator of “AI”-enabled stuffed animals, which recently left the stored logs of chats children have with their polyester-filled automated friends openly available online to anybody with a Gmail account:
“[security researcher Joel Margolis] made a startling discovery: Bondu’s web-based portal, intended to allow parents to check on their children’s conversations and for Bondu’s staff to monitor the products’ use and performance, also let anyone with a Gmail account access transcripts of virtually every conversation Bondu’s child users have ever had with the toy.”
At this point there’s just no excuse for this sort of thing. We’ve been writing for more than a decade about how most “smart,” internet-connected toys were being rushed to market without adequate privacy and security safeguards, creating OpSec risks for kids before they’ve even been adequately potty trained.
Now, as we’ve done in sectors like health insurance and journalism, we’ve slathered half-cooked large language models all over existing dysfunction we refused to address, called it innovation, and then ignored the fact we’ve introduced entirely new problems.
In this case, the exposed data included kids’ names, birth dates, family member names, and even the detailed summaries and transcripts of every previous chat between the child and their Bondu stuffed animals.
On the plus side, once alerted, the company fixed the issue in a matter of minutes. And when asked by journalists about it, the company didn’t try to lie about the problem (a low bar, but still):
“When WIRED reached out to the company, Bondu CEO Fateen Anam Rafid wrote in a statement that security fixes for the problem ‘were completed within hours, followed by a broader security review and the implementation of additional preventative measures for all users.’ He added that Bondu ‘found no evidence of access beyond the researchers involved.’”
If hackers are clever, they don’t leave many footprints, so that last bit might not be worth much.
One recent survey found that 84 percent of Americans want tougher privacy laws. But corruption has ensured that the country still lacks even baseline internet-era privacy protections. The powers that be have decided, repeatedly, to prioritize mass commercialized surveillance over public safety, and it’s only a matter of time before those chickens come home to roost in ways we can’t even begin to consider.