Toymaker VTech hit by largest-ever hack targeting kids

2 Dec 2015 | Author: | No comments yet »

Aussies hit by VTech leak.

It’s believed tens of thousands of Australians and New Zealanders may have been caught up in a leak of confidential information by children’s technology giant VTech. Digital toymaker VTech on Tuesday announced that hackers stole information collected by its products on 6.4 million children, highlighting that not even minors are safe from the threat of data breaches.The toymaker on Tuesday confirmed that more than 10 million user accounts — including 6.3 million accounts attached to children — were breached because of the company’s security practices. The Hong Kong-based company, which manufactures gadgets, tablets and baby monitors, has acknowledged a breach after the details of up to five million VTech customers worldwide were accessed by hackers in mid-November. “We are aware of reports of some 18,000 Australian parents and children being affected by the VTech app breach,” Australian consumer advocacy group Choice said in a statement. “The breach is a timely reminder to change your passwords on a regular basis and check to see what data security measures you have in place in your home.” Australian digital security expert Troy Hunt, who helped Motherboard website verify the leak, said companies weren’t getting the message on securing customer data. “Taking security seriously is something you need to do before a data breach, not something you say afterwards to placate people,” Mr Hunt wrote on his blog. The data breach — first reported by Lorenzo Franceschi-Bicchierai of Motherboard — didn’t just put user information at risk, it included avatars of children and chat logs between kids and their parents.

The Connecticut and Illinois attorneys-general on Monday said they would probe the breaches, though their representatives declined comment on the focus of their inquiries. The company said that a hacker accessed its “Learning Lodge” app store database, which allows customers to download new software for numerous VTech toys — many of which are aimed at young children. “In total 4,854,209 customer [parent] accounts and 6,368,509 related kid profiles worldwide are affected,” the company said. 2.2 million of the parent accounts and 2.9 million children’s accounts were registered to customers in the United States. On Monday, VTech claimed that about 200,000 children accounts were part of the breach, but in an updated statement on Tuesday, the company admitted that millions were affected. The data taken from VTech could also be used to craft an attack on other Web accounts used by the parents – or to even open phony credit card accounts in their names, says Arun Vishwanath, an associate professor of communication at the University at Buffalo.

Learning about a person’s lifestyle and family can make it easier to commit fraud or answer password security questions like “what is your pet’s name,” or to target kids years from now when they create their own online profiles and bank accounts, he adds. Kid profiles unlike account profiles only include name, gender and birthdate.” VTech admits that its database “was not as secure as it should have been.” And it admits that although audio files stored on its servers were stored in AES-128 encryption (which is a start but hardly the more secure AES-256), chat logs were not encrypted at all. The Federal Trade Commission has called for companies to address the privacy risks of WiFi-connected devices – also known as the Internet of Things.

Along with VTech, this new generation of connected toys includes “Hello Barbie,” a version of the classic doll that can talk with a child by recording the child’s voice, storing it on a cloud server run by company ToyTalk and answering using keyword-based responses from a database. Suni Munshani, CEO of data security software company Protegrity, says parents who want to buy their kids connected toys this holiday season should question the manufacturers “about the data they collect from their children, how it is used, who has access to it, and how it is secured.” But ToyTalk, Mattel’s technology partner, in a blog post last week pointed to the “many safety features that have been integrated” into the design of Hello Barbie.

Here you can write a commentary on the recording "Toymaker VTech hit by largest-ever hack targeting kids".

* Required fields
Twitter-news
Our partners
Follow us
Contact us
Our contacts

dima911@gmail.com

ICQ: 423360519

About this site