What Happened
In September 2023, educational robotics company Sphero experienced a data breach affecting approximately 832,000 individuals. A hacker exploited multiple security vulnerabilities in Sphero’s GraphQL API and other infrastructure components to steal personal data, which was subsequently posted on a darknet forum on September 9, 2023. The exposed data included names, email addresses, dates of birth, geographic locations, usernames, account IDs, membership history, job roles, and API keys for Sphero’s internal systems. The breach impacted educators and students worldwide who use Sphero’s STEM kits and robots for learning enhancement. In response, Sphero addressed the security vulnerabilities, strengthened its security protocols, collaborated with cybersecurity experts, notified affected users, and advised them to change their passwords.
