AI Toy Privacy Fumble Exposes 50,000 Private Chat Logs With Kids

An AI-powered toy company exposed more than 50,000 private chat logs between children and its products after leaving a web console almost completely unsecured. According to WIRED, anyone with a Gmail account could access transcripts of conversations kids had with Bondu's AI-enabled stuffed animals, along with names, birth dates, family details, preferences, and other sensitive information. The flaw was discovered by security researchers who say they didn't need to hack anything; they just logged in. Bondu shut down the exposed console quickly after being notified and says it found no evidence of misuse beyond the researchers themselves.

Now, anyone shocked that a cloud-connected product shipped with a serious security flaw is seriously underestimating how often this happens. Software has bugs, authentication gets misconfigured, and dashboards end up exposed to the public internet—especially in fast-moving startups trying to ship products before competitors do. What matters in this ...