Vtech breach: Passwords ‘not securely stored’

7 Dec 2015 | Author: | No comments yet »

Educational Toy Company VTech Hit by Data Breach.

Embattled electronic and educational toy company VTech is now warning customers their encrypted passwords may have been decrypted by hackers, after the company was hit with a massive data breach last month.In an email to customers, VTech said although passwords were encrypted, “It is possible that the hacker may have decrypted it.” Story continues below Last week, the company confirmed more than 10 million customer accounts – including 6.3 million children’s user profiles – were affected by the data breach. In Canada, over 237,000 adult profiles and over 316,000 kids profiles were affected.Data from both parents and children was exposed after its Learning Lodge app database was hacked.

The database also contained kids’ profile information, including names, genders and dates of birth.It’s also alleged the hacker also obtained children’s head shots attached to gaming profiles, as well as chat logs between kids and parents. The customer data is located in VTech’s Learning Lodge application store, where customers download apps, e-books, and other content for VTech’s products. VTech has yet to confirm these allegations, noting that its investigation is ongoing; however, the company did admit that while audio files and photos are encrypted on its system, chat logs are not.READ MORE: Kids’ data is valuable too – children at risk of identity theft following VTech hackBut security experts allege the company did not have proper encryption protocols in place, making it even easier for hackers to decrypt them.“So @vtechtoys don’t even understand what encryption is.

The company said the database doesn’t contain credit card information because customers are routed to a third-party payment site when purchasing VTech products. Colour me surprised,” Rik Ferguson, vice president of security research at Trend Micro, tweeted Monday.From the @vtechtoys mail today “Regarding the password you used, it was encrypted. It does contain general profile information of the customers, such as name, e-mail address, encrypted password, secret question and the answer, Internet protocol address, mailing address and download history, in addition to the name, gender and birthdates of children who use the company’s products.. VTech launched an investigation upon discovering the breach, including “a comprehensive check of the affected site and implementation of measures to defend against any further attacks,” according to the company’s statement. Similarly, the longer the password the better.READ MORE: How to protect yourself from security breaches on social media sitesPasswords that use up to ten upper- and lower-case letters mixed with numbers are proven to be more secure – despite being hard to remember.One tip is to construct a password from a sentence, mix in a few upper case letters and a number – for example, “There is no place like home,” would become “tiNOplh62.”And remember, try not to use the same password for any two accounts.

Here you can write a commentary on the recording "Vtech breach: Passwords ‘not securely stored’".

* Required fields
Twitter-news
Our partners
Follow us
Contact us
Our contacts

dima911@gmail.com

ICQ: 423360519

About this site