Data breach at toy maker VTech leaked photos of children, parents

1 Dec 2015 | Author: | No comments yet »

Security Breach at Toy Maker VTech Includes Data on Children.

In the first breach that seems to have hit both adults and children at the same time, interactive toy maker VTech has confirmed hackers have accessed private data including names, email addresses, and passwords as well as some mailing addresses and download history.VTech, a Hong Kong company that sells tablets and other electronics as educational tools, said in a statement that its Learning Lodge database had been compromised on Nov. 14. The company claims that no credit card data was stolen but it seems that multiple headshots of parents and children are now in the wild due to the breach.

Attorneys general in the U.S. states of Connecticut and Illinois said on Monday that they would probe the breaches, though their representatives declined comment on the focus of their inquiries. An anonymous researcher discovered a trivial exploit that allowed them to export over 4 million individual parent records and about 280,000 child records. The photos came from parents who were encouraged to take pictures while setting up some VTech toys but it is not clear if these are connected to specifically user accounts. Troy Hunt, an Internet security expert, wrote this weekend that while adults were becoming accustomed to data breaches, compromising the identities of children was jarring. Meanwhile, some experts said that they expect to see more breaches involving information collected through digital toys and other web-connected devices, a category of products known in tech circles as the Internet of Things, or IoT.

They said that manufacturers in many industries lack the security experience and expertise that the computer industry has developed over the surge in Internet use over the past two decades. “You have all these devices and services that are connecting to the Internet by companies that don’t have the experience that older software companies do in securing their data,” said Katie Moussouris, chief policy officer with HackerOne, a “bug bountgy” firm that helps businesses work with researchers to find cyber bugs. “VTech is a toymaker and I don’t expect them to be security superstars. However, security researcher Troy Hunt was able to confirm that the data did come from a number of VTech customers and that it does reflect some version of the company’s customer database. The hacking at VTech joins a growing list of prominent data breaches in recent years, including at major retailers like Target, websites like Ashley Madison and corporations like Sony. The security flaws are manifold, said Hunt. “This is all discoverable by using their websites precisely as they were intended to be used which on the one hand means that it’s easily obtainable information by anyone yet on the other, means that they could also have readily identified a whole raft of flaws themselves if only they’d looked,” he said. “For example, there is no SSL anywhere. Larry Salibra, chief executive of bug-testing platform provider Pay4Bugs, said that it looks like VTech failed to properly secure sensitive data by encrypting it to be difficult to unscramble and useless if stolen.

Those passwords will match many of the parent’s other accounts and they deserve to be properly protected in transit.” The researcher could not tell if others have access to this data. They have create emails to request further information regarding the breach. VTech Holdings Limited today announced that an unauthorized party accessed VTech customer data housed on our Learning Lodge app store database on November 14, 2015 HKT. Upon discovering the unauthorized access we immediately conducted a thorough investigation, which involved a comprehensive check of the affected site and implementation of measures to defend against any further attacks. Our customer database contains general user profile information including name, email address, encrypted password, secret question and answer for password retrieval, IP address, mailing address and download history.

Here you can write a commentary on the recording "Data breach at toy maker VTech leaked photos of children, parents".

* Required fields
Twitter-news
Our partners
Follow us
Contact us
Our contacts

dima911@gmail.com

ICQ: 423360519

About this site