Smart sleep mask leaks thousands of users' brainwaves to open server
A Kickstarter sleep mask is broadcasting strangers' private neural data live.
A security researcher discovered that a Kickstarter smart sleep mask broadcasts users' raw EEG brainwave data, respiration, and movement to an open MQTT broker. Using AI to reverse-engineer the app, they found hardcoded credentials granting access to live feeds from about 25 active devices. The flaw allows anyone to subscribe to and record strangers' sleep data, including REM cycles, and even send electrical stimulation commands back to the masks.
Why It Matters
This exposes a massive IoT privacy failure where intimate biometric data is completely unprotected and accessible.
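The missing control in the flaw described above is per-identity topic authorization on the broker. The sketch below is an added example, not code from the mask's vendor or the researcher: it assumes each mask and each owner's app authenticates with its own identity rather than the hardcoded credentials, and the `masks/<device_id>/...` topic layout, the role names and the sample identities are hypothetical.

```python
import re

# Hypothetical topic layout (the page does not publish the real one):
#   masks/<device_id>/telemetry/...  sensor data published by the mask
#   masks/<device_id>/cmd/...        commands published by the owner's app
DEVICE_ID = re.compile(r"[A-Za-z0-9_-]+")  # no '/', '+' or '#' in an identity

def filter_covered(allowed: str, requested: str) -> bool:
    """True if every topic matched by `requested` is also matched by `allowed`.

    Both arguments use MQTT filter syntax: '+' is one level, '#' is the rest.
    """
    a, r = allowed.split("/"), requested.split("/")
    for i, level in enumerate(a):
        if level == "#":
            return True               # allowed covers everything below here
        if i >= len(r) or r[i] == "#":
            return False              # requested is shorter or broader
        if level != "+" and level != r[i]:
            return False              # literal mismatch, or '+' vs a literal
    return len(a) == len(r)

def acl_for(principal: dict) -> dict:
    """Per-identity ACL; an unknown role or malformed id gets nothing."""
    dev, role = principal.get("device_id", ""), principal.get("role")
    if not DEVICE_ID.fullmatch(dev):
        return {"publish": [], "subscribe": []}
    telemetry, cmd = f"masks/{dev}/telemetry/#", f"masks/{dev}/cmd/#"
    if role == "mask":
        return {"publish": [telemetry], "subscribe": [cmd]}
    if role == "owner_app":
        return {"publish": [cmd], "subscribe": [telemetry]}
    return {"publish": [], "subscribe": []}

def authorize(principal: dict, action: str, topic: str) -> bool:
    """Decide one PUBLISH (concrete topic) or SUBSCRIBE (filter) request."""
    if action == "publish" and ("+" in topic or "#" in topic):
        return False                  # wildcards are invalid in a publish
    return any(filter_covered(p, topic) for p in acl_for(principal).get(action, []))

# Constructed identities and requests
owner_a = {"role": "owner_app", "device_id": "dev-A"}
for action, topic in [("subscribe", "masks/dev-A/telemetry/eeg"),
                      ("subscribe", "masks/+/telemetry/#"),
                      ("subscribe", "#"),
                      ("publish", "masks/dev-B/cmd/stim")]:
    print(action, topic, "->", authorize(owner_a, action, topic))
```

With this check in place, an owner's app can read only its own mask's telemetry, and a wildcard subscription or a command aimed at another device is refused at the broker.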