As a parent of an elementary-school child, I end up seeing a lot of children’s television. One of the most popular shows in our home is Teen Titans Go!, a brilliantly absurd comedic show about teen superheroes in the DC universe.
Since I see a lot of kids’ TV, I see a lot of kids’ commercials. One commercial I saw frequently last year was for Cloudpets, little teddy bears you could use to send voice messages to your kids from afar. The commercials showed a father who had to travel for business, a distant grandmother, and more all recording messages on their phones that their kids would listen to via their bears.
The bears themselves were not connected to the net. All messages would first be downloaded to a parent’s phone, and once approved, would be sent to the toy via bluetooth.
I immediately felt that this technology was an incredible waste of money (if you have connectivity, why not just call or send voice messages), but so are many toys, so I shrugged it off. I didn’t think of cloudpets again until last week, when Troy Hunt posted about yet another high profile breach (or rather, leak). I won’t spend a lot of characters outlining the leak; Troy does a great job of summing it up and he deserves the clicks.
My first reaction was disappointment, however. Reading about the technical decisions that led to the leak, it was easy to reconstruct the situations inside the company. Insufficient technical staff, insufficient support staff, dependencies on disappearing third party products, revenue valued over everything else. The picture became even more complete when the stock price was shown.
And then CloudPets did what so many other companies have done in the past — went into full-blown denial mode. You can read the details towards the end of Troy’s post. They denied the scope of the breach, they attacked the reputations of those who reported the breach, and they fudged details of the timeline. Facing increased public scrutiny, they doubled down instead of folding, making these same responses part of their legal disclosure to the state of California. Now, the government is pressing them for details and they do not seem amused.
I was sad, sad for everyone who worked there. Can you imagine the toxic culture inside the walls of this company? A CEO who tosses juvenile insults at security researchers and industry reporters? A complete disregard for security and privacy regulations and values even when dealing with children’s toys? Total inability to learn from the lessons of those in the industry before you who have made the exact same mistakes you’ve made?
All I could think of was how much this episode demonstrates the importance of an ethical corporate culture, from the CEO down to the individual developer. I can’t believe that nobody (from top to bottom) in that company never thought “Wait, this isn’t the right move.” Were they afraid to speak up? Did they speak up and were silenced by executives? What corporate culture led this company to where they have ended up, stock price hovering just above zero and nothing but negative publicity and trouble with the law in their future?
Everyone in your company has the power to influence the culture. Influence it in the right way. And if you find yourself looking for a job, try to get a read on it before you come aboard. While I applaud those who try to fix the culture from within, it’s probably much less stressful to land somewhere healthy and keep that rolling instead.