AI Toy Web Portal Exposed 50,000 Children's Conversations Via Gmail Login

Security researchers discovered that the web portal for the AI-enabled children's toy, Bondu, allowed unauthorized access to nearly all recorded user chats. Access was granted simply by logging in with any valid Gmail account, exposing sensitive data on over 50,000 interactions. This incident highlights significant vulnerabilities in consumer-facing AI device data handling.