AI Plush Toy Maker Bondu Exposed 50,000 Children’s Chats Before Securing Console
Bondu says it secured the system after researchers found a publicly accessible console exposing tens of thousands of children’s chat logs.
Overview
- Security researchers Joseph Thacker and Joel Margolis accessed Bondu’s public web console using a generic Google login, with no hacking required.
- Roughly 50,000 transcripts of child–toy conversations were exposed, including full names, birth dates, family details, and intimate discussions; only chats that had been manually deleted were absent.
- Researchers warned the data could enable criminals to target children, with Margolis calling the exposure “a kidnapper’s dream.”
- Bondu says it took the console offline within minutes, restored it with authentication, completed fixes within hours, and hired a security firm, reporting no evidence of other access.
- The episode heightens scrutiny of AI toys that use cloud LLMs like Google Gemini and OpenAI’s GPT and retain chat histories for personalization, prompting renewed calls for stronger safeguards.