Just as the holiday shopping season began, leading electronic learning toy producer VTech was hit by a data breach that compromised personal information of millions of families in its user database. The threat actors obtained names, birthdays, account information, as well as 190 GB worth of photos from VTech’s application database.
VTech announced that its systems were compromised on November 14. The hackers were able to access customer records from its Learning Lodge App Store, a gateway for downloading apps, games, books, and other support materials for VTech toys.
VTech’s alleged hacker contacted Motherboard and mentioned that VTech left sensitive data exposed on its servers, including photos of children, as well as their chat logs with their parents.
Security researcher Troy Hunt reveals more damaging mistakes done by VTech in securing their customer database. “There is no SSL anywhere. All communications are over unencrypted connections including when passwords, parent’s details and sensitive information about kids is transmitted.”
In an effort to contain the situation, VTech promised to strengthen its IT infrastructure, take down portals such as Learning Lodge App Store, as well as contact all affected customers to warn them about the recent breach.
In an updated FAQ about the breach published by VTech on December 2, the company identified a total of 13 affected websites, over 4.8 million parent profiles affected, and over 6.3 million children’s profiles affected throughout several countries.
Holidays Just Around the Corner
VTech products are just a few of many smart home devices that have been introduced to families over the past few years. These include devices that can store images, take photos, and record conversations, both chat and audible exchanges. Items as such are usually marketed as educational tools or social recreational devices for children.
The nature of these devices makes them great holiday gifts. But with VTech’s recent stumble, parents should be more aware of the capabilities of these devices, and more mindful of security measures—especially when dealing with ones with internet connectivity.
Any device that can store data and connects to the internet in the household should be managed properly. Here's a list of things to keep in mind before buying smart home devices.
Parents are also advised to be aware of the capabilities of the devices they allow their children to use, and to always consider not just physical safety, but also security and privacy.
Like it? Add this infographic to your site: 1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).