Security of VTech toys breached, 6 million affected
VTech, the giant of children's learning toys announced that its Kidizoom smartwatches and VTech InnoTab tablet had exposed the children to identity theft. VTech said the hackers had reached into its "Learning Lodge app store and its Kid Connect mobile app service that lets parents communicate with those tablets." The hack had affected as many as 6 million children as disclosed by VTech.
VTech hit with shocking hack, exposing sensitive data
Panic struck Chinese company VTech, when it was revealed that a hack had exposed the personal information of almost 5 million parents and more than 200,000 kids. The hacker shared the data with company Motherboard (which then alerted VTech), even though it could have been sold online. The breach was especially worrying as it could give the kid's exact addresses and become a security-concern.
What VTech did wrong?
The major fault lay in VTech's handling of customer data using unencrypted and non-SSL delivery of communication. Login, passwords and addresses were all delivered over a standard HTTP protocol with no protection for users. The kids' passwords were saved in plaintext; adult passwords utilized weak encryption making them soft-targets. Moreover, in its public announcement VTech glossed over damages and did not share actual figures.
Hacker increases VTech troubles by revealing photos, chat-logs
VTech suffered more backlash as the hacker exposed that VTech had left "thousands of pictures of parents and kids and a year's worth of chat logs stored online", making them easily accessible to hackers. This poses a threat to the 2.3 million users registered with Kid Connect service. The hacker yielded a batch of 3,832 image files with Motherboard for verification purposes.
What the breach essentially implies?
VTech's stolen data included the name, gender and birth date of the children. It further gave access to data on their parents "included name, mailing address, email address, secret question and answer for password retrieval, IP address, mailing address, download history and encrypted password." Security experts noted that the hacked data could be worth millions of dollars when sold to underground markets.
VTech's shares dip after the identity-theft crisis
VTech shares have lapsed 2.73% since it first revealed the hack in November, while the Hang Seng index was down 0.38% for the same period.
Fourth largest data breach in history
The VTech data breach is now being rated as the fourth-largest consumer data breach to date and the biggest one that has targeted kid's information.
Tech calls in a cyber-response team to enhance security
VTech Holdings Inc. solicited help from FireEye Inc. Mandiant Incident Response team, a cyber forensic team to strengthen its "security and investigate" the hacking attack. The response team is presently looking at how the VTech handles customer information and is looking for ways to increase security. VTech allegedly shut down access to its sites to minimize the damage caused by the hack.
Share this timeline