Children Exposed In VTech Hack
A cyberattack targeting Hong Kong-based children’s toy manufacturer VTech has left millions of accounts compromised, putting the data of parents and children alike at risk.
Details on the extent of the VTech hack are now starting to emerge: the hacker also stole pictures of children and their parents.
Hackers can use the stolen data for a range of phishing attacks that target people through their email addresses, leading them to click on links that activate malicious software, which allows the hackers to steal even more sensitive information.
In a statement issued today, VTech announced that 6.4 million kids were affected by the data breach disclosed last week.
VTech Holdings Ltd. stated it has contacted all affected users via email and has temporarily shut down its Learning Lodge website – along with several others – as a precaution. The hack also included information on more than 200,000 kids including first names, genders, birthdays and in some cases photographs. The company is investigating the breach and is now working to prevent another hack in the future.
In trying to limit the damage and ease the concern of clients, VTech released a statement saying that no financial or payment details had been stolen. “To complete the payment or check-out process of any downloads made on the Learning Lodge website, our customers are directed to a secure, third party payment gateway”, the company says.
Additionally, VTech was found to use very poor hashing techniques for its stored passwords, relying on the inferior MD5 algorithm.
Security expert Troy Hunt said that all communication through the app was unencrypted, meaning that when a hacker got access to the database, all of the information could be read. SSL is a security feature commonly used across the Internet.
The VTech hack follows several other high-profile cybersecurity incidents we’ve seen over the past year, including hacks against Sony and adult hookup site Ashley Madison.
The hacker claiming responsibility for the breach appears to have only shared the information with Motherboard and says he is going to do “nothing” with the data, the publication reports.