ID-theft criminals may be the ultimate Grinch this holiday season as kids’ smart toys create vulnerabilities for hacking, data theft and cyberattacks.

While the Black Friday and Cyber Monday cyberthreats are behind us, we cannot let our guard down, as ID- theft criminals continue to target new access points through the Internet of Things — for example, children’s toys. Mattel’s Barbie Doll, the iconic doll series coveted by millions of children, has now become “smart,” and that sadly means there’s a dark side. The cybervulnerability of smart toys is all too real.

Smart toys, similar to other smart devices and appliances, connect to your home’s Wi-Fi network. This means that if compromised, criminals have a conduit into all activities on your home network. ID-theft criminals may then attempt to garner your personally identifiable information, access your home security system or listen to personal conversations through baby monitors or even the new Hello Barbie doll.

According to the Huffington Post, the new Hello Barbie doll, which connects to the Web to provide answers to your children’s questions, “uses a microphone, voice recognition software and artificial intelligence to enable a call-and-response function similar to Siri or Google Now. A free smartphone app that connects the toy to a user’s Wi-Fi network brings this Barbie into a class of technology often referred to as the Internet of Things, or IoT.”

To the credit of Mattel, the company that markets the Barbie brand, it has partnered with entertainment company ToyTalk to develop the doll’s information-security technology to minimize potential security issues and to protect consumers’ security. However, it’s not just smart toys that create an opportunity for cybercriminals to steal our children’s information, such as names, ages and even photographs. It’s also through direct attacks on organizations where parents register their children’s information, such as VTech, a recent data-breach victim with millions of records compromised.

The VTech website advises that “4.8 million customer (parent) accounts and 6.3 million related kid profiles worldwide are affected, which includes approximately 1.2 million Kid Connect parent accounts. In addition, there are 235,000 parent and 227,000 kids accounts in PlanetVTech. Kid profiles, unlike account profiles, only include name, gender and birthdate.”

Understand that anytime you create accounts for your children for educational products or services, both you and your children’s information is a target for hackers. This is because hackers are looking for information such as your e-mail address or passwords. Simply attaining your e-mail address allows hackers to engage in spear phishing attacks, which have proven incredibly effective. Hackers also realize that people oftentimes utilize the same passwords for multiple sites. They can take the password to try to drain your bank accounts.

Mark’s most important: Don’t let cybercriminals steal your happy holidays by using strong and up-to-date Wi-Fi security along with strong password management.

Mark Pribish is vice president and ID-theft practice leader at Merchants Information Solutions Inc., an ID theft-background screening company based in Phoenix. Contact him at

This article was originally published on and republished with the author’s permission.