**An AI Toy Exposed 50K Logs of Its Chats With Kids To Anyone With a Gmail Account**
The seemingly innocent world of child-friendly technology has been rocked by a stunning revelation. A recent discovery by a security researcher has exposed a shocking vulnerability in an AI-powered toy, leaving thousands of children's private conversations open to anyone with a Gmail account.
Joseph Thacker, a security expert, was approached by his neighbor earlier this month about her concerns over the Bondu toy. The toy, designed for young children, features an AI chat function that lets kids converse with it like a virtual friend. Mentioning his background in AI risks for kids, she asked for his opinion on the product.
Thacker took it upon himself to investigate the toy's security measures and was joined by web security researcher Joel Margolis. With just a few minutes of work, they stumbled upon a critical flaw that left millions of children's conversations exposed. The researchers discovered that Bondu's web-based portal, intended for parents to monitor their child's interactions with the toy, also allowed anyone with a Gmail account to access transcripts of virtually every conversation.
The consequences were staggering. Without any actual hacking required, Margolis and Thacker simply logged in with an arbitrary Google account and found themselves viewing private conversations between children and their Bondu toys. The data was readily available, including:
• Children's names and birth dates
• Family member names
• "Objectives" for the child chosen by a parent
• Detailed summaries and transcripts of every previous chat between the child and their Bondu
The researchers found that more than 50,000 chat transcripts were accessible through this exposed web portal. The alarming ease with which they gained access to sensitive information prompted them to alert Bondu about the findings.
The company responded promptly by taking down the console within minutes of being notified and relaunching it the next day with proper authentication measures in place. "We take user privacy seriously and are committed to protecting user data," said Fateen Anam Rafid, CEO of Bondu, in a statement. "We have communicated with all active users about our security protocols and continue to strengthen our systems with new protections." The company has also hired a security firm to validate its investigation and monitor its systems moving forward.
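The class of flaw described above, where a valid sign-in is treated as permission to read any record, is shown here beside a per-record ownership check. This is an added illustration, not Bondu's code: the article does not describe how the portal was built, and the data model, identifiers and function names below are assumptions.

```python
# Added illustration; data model and all names are assumptions, not Bondu's code.
from dataclasses import dataclass


@dataclass(frozen=True)
class Identity:
    """Claims from a sign-in token whose signature was already verified upstream."""
    subject: str          # stable account id issued by the identity provider
    email_verified: bool


class Forbidden(Exception):
    pass


# Constructed sample data: guardian accounts linked to each child profile.
GUARDIANS = {"child-001": {"acct-parent-a"}, "child-002": {"acct-parent-b"}}
TRANSCRIPTS = {
    "t-1": {"child_id": "child-001", "text": "(constructed)"},
    "t-2": {"child_id": "child-002", "text": "(constructed)"},
}


def _is_guardian(identity, child_id):
    return identity.subject in GUARDIANS.get(child_id, set())


def get_transcript_weak(identity, transcript_id):
    """Flawed pattern: being signed in is the only condition checked."""
    if identity is None:
        raise Forbidden("sign-in required")
    return TRANSCRIPTS[transcript_id]


def get_transcript(identity, transcript_id):
    """Corrected pattern: signed in AND linked to the child the record belongs to."""
    if identity is None or not identity.email_verified:
        raise Forbidden("sign-in required")
    record = TRANSCRIPTS.get(transcript_id)
    # Same error for "no such record" and "not yours", so ids cannot be probed.
    if record is None or not _is_guardian(identity, record["child_id"]):
        raise Forbidden("not found")
    return record


def list_transcripts(identity):
    """Listings are scoped the same way; never return the whole table."""
    if identity is None or not identity.email_verified:
        raise Forbidden("sign-in required")
    return sorted(t for t, r in TRANSCRIPTS.items() if _is_guardian(identity, r["child_id"]))
```

The ownership check belongs on the server for every read and list endpoint; hiding records in the web interface alone leaves the underlying data reachable.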
The incident raises disturbing questions about the security measures in place for child-friendly technologies. As AI-powered toys become increasingly popular, it's essential that manufacturers prioritize user data protection and implement robust security protocols to safeguard sensitive information. This incident serves as a harsh reminder of the importance of rigorous testing and evaluation in the development process.