Cloudpets’ customer data was left unprotected from December 2016 to 8 January in a publicly available database that wasn’t protected by any password or a firewall. Spiral Toys’ line of internet-connected stuffed animal toys, which allow children and relatives to send recorded voicemails back and forth, reportedly left the voice messages recorded between parents and children and other personal data to online hackers. CloudPets’ database was overwritten twice in early January, when cyber criminals were actively scanning the Internet for exposed or badly-configured MongoDB databases to delete their data and ultimately hold it for ransom.
Source: https://thehackernews.com/2017/02/iot-teddy-bear.html