• Home
  • Latest
  • Fortune 500
  • Finance
  • Tech
  • Leadership
  • Lifestyle
  • Rankings
  • Multimedia

Trendingnow

1

Shark Tank's Kevin O'Leary says if he were 25 today, he'd chase these two booming opportunities in the world of AI

2

Ex-PepsiCo CEO Indra Nooyi worked from midnight until 5 a.m. as a receptionist to pay for her Yale degree—and she says ‘respect went up’ because of it

3

Even as Elon Musk calls philanthropy ‘very hard,’ everyday Americans gave a record $617 billion—despite feeling the squeeze over the cost of living

1

Shark Tank's Kevin O'Leary says if he were 25 today, he'd chase these two booming opportunities in the world of AI

2

Ex-PepsiCo CEO Indra Nooyi worked from midnight until 5 a.m. as a receptionist to pay for her Yale degree—and she says ‘respect went up’ because of it

3

Even as Elon Musk calls philanthropy ‘very hard,’ everyday Americans gave a record $617 billion—despite feeling the squeeze over the cost of living
TechInternet of Things

This Fisher-Price Smart Toy Bear Had Data-Leak Vulnerability

Robert Hackett
By
Robert Hackett
Robert Hackett
Down Arrow Button Icon
Robert Hackett
By
Robert Hackett
Robert Hackett
Down Arrow Button Icon
February 2, 2016, 9:00 AM ET
Screenshot from Fisher-Price.com
Add Fortune on Google for similar content.

Call it a teddy bug.

The Mattel (MAT) Fisher-Price smart toy bear is one of two playthings that a security researcher recently found vulnerable to leaking customer and kids’ data. The other is the hereO GPS watch, a device designed to track the location of family members that also allows them to message one another.

Mark Stanislav, manager of global services at the Boston-based cybersecurity firm Rapid7 (RPD), discovered some of the coding flaws after receiving an Internet-connected teddy bear at a “diaper party” last fall (ostensibly a gift intended for his then unborn daughter). He tore the toy apart a day later to look for computer bugs, he told Fortune.

Get Data Sheet, Fortune’s technology newsletter.

Stanislav discovered that the programmers had designed the bear’s backend to use unsecured application programming interfaces (APIs)—portions of code that allow pieces of software to interact—enabling an attacker to learn profile information about registered children, such as names, dates of birth, genders, and spoken languages. Rapid7 officially disclosed these findings on Dec. 8, and Mattel addressed the issues by Jan. 19.

Prior to prying open that WiFi-stuffed animal, Stanislav had analyzed another gadget. He found that a buggy API in a watch created by the startup hereO allowed him to access family members’ location, GPS logs, and even to mess with other features, like possibly spying on communications. Rapid7 alerted the company in early Nov. and hereO fixed the bugs in mid-Dec.

Stanislav, who previously investigated how easily certain baby monitors could be hacked, undertook the research in his spare time. He is a contributor to the cybersecurity-oriented Online Trust Alliance, a Seattle-based non-profit organization, and a co-founder of a computer security initiative called builditsecure.ly that aims to promote computer bug reporting. One of his hobbies is to hack Internet of things devices.

Stanislav, who recently became a father, said he focused on toys as a natural extension of his past research. He also said he hoped to drive home the point about the dangers of Internet-connected devices while improving their security. “I really find it fascinating how much connectivity we’re putting onto people so young, and the security and privacy and safety aspects that go along with that,” he said.

“I’m sure somewhere deep down the fatherhood thing factored in as well,” he added.

These two toy vulnerabilities are the latest in a spate of reports about kids’ gadgets that have been prone to hacking, including Mattel’s Hello Barbie Doll and Chinese toymaker VTech’s (VTKLF) educational children’s products.

For more on techie toys, watch:

Tod Beardsley, the security research manager at Rapid7 who coordinated the vulnerability disclosures, described the flaws as “pretty stock web API vulnerabilities” that more tech-savvy companies probably would have caught before going to market. He did praise the companies for taking quick action to resolve the issues, however.

“Even if they did ship vulnerabilities initially with these products, they did fix them and take responsibility for them,” he said.

Kenya Friend-Daniel, a spokesperson for Mattel and Fisher-Price, sent Fortune the following statement via email. “We recently learned of a security vulnerability with our Fisher-Price WiFi-connected Smart Toy Bear. We have remediated the situation and have no reason to believe that customer information was accessed by any unauthorized person.”

HereO did not immediately reply to Fortune’s request for comment, kicking back an auto-generated email that acknowledged the message’s receipt and that there would be delays due to “a significant increase in the number of requests.”

Update (Feb. 3):

HereO has supplied Fortune with the following statement. “The vulnerability was patched within 4 hours of identification, we had yet to commence shipping of our GPS watches at the time, and most importantly, we can confirm that none of our users’ data or security was compromised,” said Eli Shemesh, the company’s chief technology officer.

About the Author
Robert Hackett
By Robert Hackett
Instagram iconLinkedIn iconTwitter icon
See full bioRight Arrow Button Icon
Add Fortune on Google for similar content.

Latest in Tech

Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025

Most Popular

Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Fortune Secondary Logo
Rankings
  • 100 Best Companies
  • Fortune 500
  • Global 500
  • Fortune 500 Europe
  • Most Powerful Women
  • World's Most Admired Companies
  • See All Rankings
  • Lists Calendar
Sections
  • Finance
  • Fortune Crypto
  • Features
  • Leadership
  • Health
  • Commentary
  • Success
  • Retail
  • Mpw
  • Tech
  • Lifestyle
  • CEO Initiative
  • Asia
  • Politics
  • Conferences
  • Europe
  • Newsletters
  • Personal Finance
  • Environment
  • Magazine
  • Education
Customer Support
  • Frequently Asked Questions
  • Customer Service Portal
  • Privacy Policy
  • Terms Of Use
  • Single Issues For Purchase
  • International Print
Commercial Services
  • Advertising
  • Fortune Brand Studio
  • Fortune Analytics
  • Fortune Conferences
  • Business Development
  • Group Subscriptions
About Us
  • About Us
  • Press Center
  • Work At Fortune
  • Terms And Conditions
  • Site Map
  • About Us
  • Press Center
  • Work At Fortune
  • Terms And Conditions
  • Site Map
  • Facebook icon
  • Twitter icon
  • LinkedIn icon
  • Instagram icon
  • Pinterest icon

Latest in Tech

Tech volatility hits highest since dot-com bust next to S&P 500
Investingtech stocks
Tech volatility hits highest since dot-com bust next to S&P 500
By Bernard Goyder and BloombergJuly 7, 2026
37 minutes ago
In this photo illustration, a Sk Hynix logo is displayed on a smartphone with stock market percentages in the background.
AICFO Daily
SK Hynix—which supplies memory chips to Nvidia—is about to test Wall Street’s appetite for the next wave of tech IPOs
By Sheryl EstradaJuly 7, 2026
2 hours ago
Hussein Fazal poses in front of the Super.com NASCAR car
Startups & VentureTerm Sheet
The $1.2 billion startup that wants to become Amazon Prime for savings
By Lily Mae LazarusJuly 7, 2026
3 hours ago
Xbox CEO Asha Sharma at Fortune Brainstorm Tech 2026 in Aspen, Colo. (Photo: Stuart Isett/Fortune)
NewslettersFortune Tech
Microsoft’s Xbox will cut 3,200 jobs and divest five studios
By Andrew NuscaJuly 7, 2026
4 hours ago
j
CommentaryEducation
AI didn’t break higher education—It exposed the credential trap
By Jason BenedictJuly 7, 2026
5 hours ago
Photo: Asha Sharma
North AmericaMarkets
Game over for 20% of Xbox staff as Microsoft hits reset: We ‘didn’t focus on the core business,’ CEO says. ‘We simply spread ourselves too thin.’
By Jim EdwardsJuly 7, 2026
6 hours ago

Most Popular

Shark Tank's Kevin O'Leary says if he were 25 today, he'd chase these two booming opportunities in the world of AI
AI
Shark Tank's Kevin O'Leary says if he were 25 today, he'd chase these two booming opportunities in the world of AI
By Marco Quiroz-GutierrezJuly 5, 2026
2 days ago
Ex-PepsiCo CEO Indra Nooyi worked from midnight until 5 a.m. as a receptionist to pay for her Yale degree—and she says ‘respect went up’ because of it
Success
Ex-PepsiCo CEO Indra Nooyi worked from midnight until 5 a.m. as a receptionist to pay for her Yale degree—and she says ‘respect went up’ because of it
By Preston ForeJuly 6, 2026
23 hours ago
Even as Elon Musk calls philanthropy ‘very hard,’ everyday Americans gave a record $617 billion—despite feeling the squeeze over the cost of living
Success
Even as Elon Musk calls philanthropy ‘very hard,’ everyday Americans gave a record $617 billion—despite feeling the squeeze over the cost of living
By Preston ForeJuly 4, 2026
3 days ago
Current price of oil as of July 6, 2026
Personal Finance
Current price of oil as of July 6, 2026
By Joseph HostetlerJuly 6, 2026
1 day ago
Current price of silver as of Monday, July 6, 2026
Personal Finance
Current price of silver as of Monday, July 6, 2026
By Joseph HostetlerJuly 6, 2026
1 day ago
The man who ran Bernie's campaign says Democrats are still making the same mistakes with Democratic Socialists, and they should laud Mamdani's win
Politics
The man who ran Bernie's campaign says Democrats are still making the same mistakes with Democratic Socialists, and they should laud Mamdani's win
By Catherina GioinoJuly 6, 2026
17 hours ago

© 2026 Fortune Media IP Limited. All Rights Reserved. Use of this site constitutes acceptance of our Terms of Use and Privacy Policy | CA Notice at Collection and Privacy Notice | Do Not Sell/Share My Personal Information
FORTUNE is a trademark of Fortune Media IP Limited, registered in the U.S. and other countries. FORTUNE may receive compensation for some links to products and services on this website. Offers may be subject to change without notice.