A web portal linked to an AI-powered children’s toy allowed nearly anyone with a Gmail account to access private chat conversations between kids and the device’s AI companion. The vulnerability, discovered by cybersecurity researchers, exposed sensitive data from young users, raising serious concerns about privacy and data security in children’s tech products. The toy, marketed as a friendly AI assistant for kids, used a web portal to let parents monitor interactions between their children and the AI. However, a flaw in the portal’s authentication system meant that instead of restricting access to authorized users, it only required a valid Gmail account to log in. This meant that anyone with a Gmail address—regardless of whether they were a parent or associated with a child using the toy—could potentially view chat logs from other users. Security experts found that simply entering a Gmail address and using a standard login process was enough to access the chat history of other children. In some cases, the portal displayed not only full transcripts of conversations but also personal details such as names, ages, and even location information. The issue was reported to the company, which quickly took the portal offline and began investigating. The company has since acknowledged the flaw and stated that it has implemented stronger authentication measures to prevent unauthorized access. It also confirmed that no evidence of malicious use has been found, though the exposure of children’s private data remains a serious concern. Privacy advocates warn that such lapses highlight the risks of collecting and storing sensitive information from minors, especially when security measures are inadequate. The incident underscores the need for stricter oversight and more robust safeguards in products designed for children, particularly those that rely on cloud-based data and AI. The company has promised to enhance its security protocols and improve transparency around data handling. It also plans to notify affected families and offer guidance on protecting their children’s online privacy.