Poor security exposes VTech baby toy users to hackers

1 Dec 2015 | Author: | No comments yet »

Security Breach at Toy Maker VTech Includes Data on Children.

In the first breach that seems to have hit both adults and children at the same time, interactive toy maker VTech has confirmed hackers have accessed private data including names, email addresses, and passwords as well as some mailing addresses and download history.VTech, a Hong Kong company that sells tablets and other electronics as educational tools, said in a statement that its Learning Lodge database had been compromised on Nov. 14. The company claims that no credit card data was stolen but it seems that multiple headshots of parents and children are now in the wild due to the breach.

An anonymous researcher discovered a trivial exploit that allowed them to export over 4 million individual parent records and about 280,000 child records. The photos came from parents who were encouraged to take pictures while setting up some VTech toys but it is not clear if these are connected to specifically user accounts. Troy Hunt, an Internet security expert, wrote this weekend that while adults were becoming accustomed to data breaches, compromising the identities of children was jarring. However, security researcher Troy Hunt was able to confirm that the data did come from a number of VTech customers and that it does reflect some version of the company’s customer database.

The hacking at VTech joins a growing list of prominent data breaches in recent years, including at major retailers like Target, websites like Ashley Madison and corporations like Sony. The security flaws are manifold, said Hunt. “This is all discoverable by using their websites precisely as they were intended to be used which on the one hand means that it’s easily obtainable information by anyone yet on the other, means that they could also have readily identified a whole raft of flaws themselves if only they’d looked,” he said. “For example, there is no SSL anywhere. Those passwords will match many of the parent’s other accounts and they deserve to be properly protected in transit.” The researcher could not tell if others have access to this data. They have create emails to request further information regarding the breach. VTech Holdings Limited today announced that an unauthorized party accessed VTech customer data housed on our Learning Lodge app store database on November 14, 2015 HKT. Upon discovering the unauthorized access we immediately conducted a thorough investigation, which involved a comprehensive check of the affected site and implementation of measures to defend against any further attacks.

Our customer database contains general user profile information including name, email address, encrypted password, secret question and answer for password retrieval, IP address, mailing address and download history.

Here you can write a commentary on the recording "Poor security exposes VTech baby toy users to hackers".

* Required fields
Our partners
Follow us
Contact us
Our contacts


ICQ: 423360519

About this site