Security of VTech toys breached, 6 million affected

7 Dec 2015 | By Vaneet Randhawa
Toymaker VTech faces security hack horror

VTech, the giant of children's learning toys announced that its Kidizoom smartwatches and VTech InnoTab tablet had exposed the children to identity theft.

VTech said the hackers had reached into its "Learning Lodge app store and its Kid Connect mobile app service that lets parents communicate with those tablets."

The hack had affected as many as 6 million children as disclosed by VTech.

In context: Toymaker VTech faces security hack horror

27 Nov 2015VTech hit with shocking hack, exposing sensitive data

Panic struck Chinese company VTech, when it was revealed that a hack had exposed the personal information of almost 5 million parents and more than 200,000 kids.

The hacker shared the data with company Motherboard (which then alerted VTech), even though it could have been sold online.

The breach was especially worrying as it could give the kid's exact addresses and become a security-concern.

Reason What VTech did wrong?

The major fault lay in VTech's handling of customer data using unencrypted and non-SSL delivery of communication.

Login, passwords and addresses were all delivered over a standard HTTP protocol with no protection for users.

The kids' passwords were saved in plaintext; adult passwords utilized weak encryption making them soft-targets.

Moreover, in its public announcement VTech glossed over damages and did not share actual figures.

Love Tech news?
Stay updated with the latest happenings.
Hacker increases VTech troubles by revealing photos, chat-logs

30 Nov 2015Hacker increases VTech troubles by revealing photos, chat-logs

VTech suffered more backlash as the hacker exposed that VTech had left "thousands of pictures of parents and kids and a year's worth of chat logs stored online", making them easily accessible to hackers.

This poses a threat to the 2.3 million users registered with Kid Connect service.

The hacker yielded a batch of 3,832 image files with Motherboard for verification purposes.

2 Dec 2015What the breach essentially implies?

VTech's stolen data included the name, gender and birth date of the children.

It further gave access to data on their parents "included name, mailing address, email address, secret question and answer for password retrieval, IP address, mailing address, download history and encrypted password."

Security experts noted that the hacked data could be worth millions of dollars when sold to underground markets.

VTech's shares dip after the identity-theft crisis

VTech shares have lapsed 2.73% since it first revealed the hack in November, while the Hang Seng index was down 0.38% for the same period.

7 Dec 2015Security of VTech toys breached, 6 million affected

Love Tech news?
Stay updated with the latest happenings.

Fourth largest data breach in history

The VTech data breach is now being rated as the fourth-largest consumer data breach to date and the biggest one that has targeted kid's information.

7 Dec 2015Tech calls in a cyber-response team to enhance security

VTech Holdings Inc. solicited help from FireEye Inc. Mandiant Incident Response team, a cyber forensic team to strengthen its "security and investigate" the hacking attack.

The response team is presently looking at how the VTech handles customer information and is looking for ways to increase security.

VTech allegedly shut down access to its sites to minimize the damage caused by the hack.