VTech Hack Exposes 6.4 Million Children’s Profiles

2 Dec 2015 | Author: | No comments yet »

Hackers steal kids’ data from gadget maker VTech.

HONG KONG — VTech Holdings is working with regulators in Hong Kong after a hacking attack at the maker of electronic toys and computer tablets compromised the privacy of millions of children and parents.Digital toymaker VTech Holdings Ltd said on Tuesday that data on about 6.4 million children was exposed in a hack of information on customers in more than a dozen countries.Children’s technology maker VTech says the personal information of about five million of its customers and their children may have been stolen by hackers. (Handout/VTech) VTech is the world’s largest maker of cordless phones. The Hong Kong-based firm initially disclosed the attack on Friday, and said hackers took data of nearly 5 million adults, but it did not disclose how many children’s profiles were accessed.

The hackers also obtained children’s photos and chat records from VTech’s Kid Connect service, which allows adults to use their smartphones to chat with kids using VTech tablets, reported technology blog Motherboard. VTech runs an online store called the “Learning Lodge” that sells apps, e-books, and other content for its suite of educational tablets and devices.

People unwittingly trusting their personal information in a company that wasn’t equipped to handle it.” The company’s statement said the children’s profiles included only name, gender and birth date. A hacker interviewed by Motherboard’s Lorenzo Franceschi-Bicchierai said that they used a “SQL injection” attack, a simple and extremely common hacking technique in which hackers enter commands into website forms in order to make websites serve desirable data.

Stolen data on their parents included name, mailing address, email address, secret question and answer for password retrieval, IP address, mailing address, download history and encrypted password. This week, they confirmed that the breach involved more than five million accounts, belonging to parents and kids, including information from Canadian customers.

Such attacks are easy to defend against, but VTech did not have the proper protocols to do so. “It was pretty easy to dump, so someone with darker motives could easily get [the information from VTech],” the hacker told Motherboard in an encrypted chat. The largest number customers whose data was accessed were in the United States, followed by France, the United Kingdom, Germany, Canada, Spain, Belgium and the Netherlands. The perpetrators could use the information to access social media profiles or to target children online, said Mr Bryce Boland, Asia chief technology officer for FireEye. “It may be that this data theft is only the tip of the iceberg,” he said in an e-mail. “Until there is a thorough forensic investigation, they won’t know if they can still be sucker-punched in cyberspace. But for customer accounts — the kind of account a parent would set up — the database includes a lot of information, including names, email addresses, passwords, password reset questions and answers, IP addresses, mailing addresses, and the download history for an account. VTech has said that credit card information, Social Security numbers, and driver’s’ license numbers are not stored either in the Learning Lodge or in their customer database, and have not been affected by the breach.

The horse may have bolted, but that doesn’t mean the hacker didn’t move from the barn to the house.” Hackers accessed five million customer accounts through VTech’s Learning Lodge database, where users download applications, learning games and e-books. Avner Levin, director of the Privacy and Cybercrime Institute at Ryerson University, says this breach is different because it involves kids’ information — and it raises some questions about parents’ responsibility. The company announced Monday that hackers may have accessed personal data of five million customers. (Handout/Canadian Press) “You really have to watch out and not sort of jump into all of these neat little ideas, of creating like neat little kiddie accounts. Stop and think — is that what you want to do?” he said. “You’re creating these digital footprints for your kids that are going to go and accompany them throughout life. Mr Larry Salibra, chief executive of bug-testing platform provider Pay4Bugs, said that it looks like VTech failed to properly secure sensitive data by encrypting it to be difficult to unscramble and useless if stolen.

In a post on his website, Troy Hunt, the security researcher who helped verify the VTech breach, said the company had some alarming security practices. Avner Levin, who is both a parent and a security researcher, says if your child is going to have an online account or profile, a little obfuscation is in order. “Change the age, change the gender, change the name, change whatever you can so that you don’t actually have a record of your child online with their real information that can then be stolen and used,” he said.

Here you can write a commentary on the recording "VTech Hack Exposes 6.4 Million Children’s Profiles".

* Required fields
All the reviews are moderated.
Our partners
Follow us
Contact us
Our contacts


ICQ: 423360519

About this site