Health Innovation Justice Media News Relations Science Technology

Toymaker VTech Hack Exposes 4.8 Million Customers, including Photos Of Children

Stay ahead of the curve... Get top posts first!

Thank you for subscribing!

Get updates on Facebook

Screen Shot 2015-12-03 at 11.25.01 PM

Hacker Obtained Children’s Headshots and Chatlogs From Toymaker VTech.

Earlier this month, a massive data breach at VTech – the maker of tablets and gadgets aimed at children – exposed the personal details of about 4.8 Million parents and photos of more than 200,000 Children.
 Screen Shot 2015-11-29 at 6.58.43 PM
If that was not bad enough…
 Screen Shot 2015-11-29 at 6.58.43 PM
…it turns out that the massive cyber attack against the toymaker company also left hundreds of thousands of snaps of parents and children, as well as a year worth of chat logs kept online in a way easily accessible to hackers.
Screen Shot 2015-11-29 at 6.58.43 PM
”Frankly, it makes me sick that I was able to get all this stuff.”
Screen Shot 2015-11-29 at 6.58.43 PM

VTech Data Breach

Screen Shot 2015-11-29 at 6.58.43 PM
In a statement released Monday, the toymaker company VTech said the hacked database included victim’s profile information including:
Screen Shot 2015-11-29 at 6.58.43 PM
  • Customers’ names
  • Email addresses
  • Passwords (One-way encrypted using MD5 hash that can be cracked in no time)
  • Secret questions and answers for password retrieval
  • IP addresses
  • Residential addresses
  • Download history
The database also included information on children including names, genders and date of births.
 Screen Shot 2015-11-29 at 6.58.43 PM
However, the Hong Kong-based company noted the database didn’t contain any credit card or personal identification information like social security numbers (SSNs) and driver license IDs.
Screen Shot 2015-11-29 at 6.58.43 PM
1448912697592850
 Screen Shot 2015-11-29 at 6.58.43 PM

Hack Leaks Photos and Chat Logs of Children & Parents

Screen Shot 2015-11-29 at 6.58.43 PMScreen Shot 2015-11-29 at 6.58.43 PM
What’s even more worrisome is that…
 Screen Shot 2015-11-29 at 6.58.43 PM
In addition to the above information, data from Kid Connect – a service VTech offered to let parents communicate with their kids – was also hacked. Kid Connect information included:
Screen Shot 2015-11-29 at 6.58.43 PM
  • Pictures of Children and parents
  • Chat logs between parents and children

How did VTech Data Breach Happen?

 Screen Shot 2015-11-29 at 6.58.43 PM
The massive data breach actually occurred on Nov. 14 and impacted VTech’s Learning Lodge app store database, which features learning game apps and other educational tools for kids to download on their VTech devices.
 Screen Shot 2015-11-29 at 6.58.43 PM
The kiddie toymaker company had alerted Learning Lodge customers of the recent hack, and had “temporarily suspended” the Learning Lodge site along with 13 of its associated websites as a precautionary measure, VTech said on its website Monday.
 Screen Shot 2015-11-29 at 6.58.43 PM
The hacker that discovered the data breach told Motherboard that he has no plans to misuse the leaked information he gathered.
 Screen Shot 2015-11-29 at 6.58.43 PM
However, now, when the information – including snaps and chat logs – is available online, it could be even harder for VTech to try to pretend that everything is all right.
 Screen Shot 2015-11-29 at 6.58.43 PM
VTech says it is still investigating the matter, and will look into new ways to strengthen its security. It also alerted customers of potential exposure, encouraging them to follow up with the company via email (vtechkids@vtechkids.com in the U.S.).

Screen Shot 2015-11-29 at 6.58.43 PM

Experts Warn of More Cyber Attacks

Screen Shot 2015-11-29 at 6.58.43 PM
 Now that the massive database from VTech is available online, security experts are warning that hackers and cyber criminals are likely to use this information in order target similar IoT (Internet of Things) companies that handle customer data.
 Screen Shot 2015-11-29 at 6.58.43 PM
1448912720205140
 Screen Shot 2015-11-29 at 6.58.43 PM
Breaches like VTech are not unusual, but since it involves services aimed at children that generally do not get much of the attention when it comes to the security of data.
Screen Shot 2015-11-29 at 6.58.43 PM

Affected? How to Check and What to Do?

If you are a parent holding a Learning Lodge account, you are advised to check Have I Been Pwned?website, which compiles all the data from breaches and now includes users accounts stolen from VTech.
 Screen Shot 2015-11-29 at 6.58.43 PM
If you found your Learning Lodge account affected, you should:
Screen Shot 2015-11-29 at 6.58.43 PM
  • Change your password immediately
  • Also, change your password retrieval informationScreen Shot 2015-11-29 at 6.58.43 PM
You are also advised to change the passwords on any other online accounts for which you are using the same password as for Learning Lodge account.
Screen Shot 2015-11-29 at 6.58.43 PM

Want our best on Facebook?

Facebook comments

“Toymaker VTech Hack Exposes 4.8 Million Customers, including Photos Of Children”