Learning “Toys” Hacked
When children today “play” with items that are actually sophisticated computers, unsuspecting parents could be putting their family’s security in danger. VTech is a Hong Kong company that offers a variety of high-tech learning-based computer “toys” for children. Recently VTech lost control of the online data for about 6.4 million children and nearly 5 million parents worldwide.
One or more hackers stole information on individual children that includes the child’s name, photo, gender, birthdate, and address, along with personally identifiable information about their parents, including their address, password, and security questions. This is particularly troubling because many adults use the identical passwords at many online sites, including those for their banks and credit cards.
Hackers who compromised the privacy of children now know their names, what they look like, and where they live because that information supplied by parents and children to VTech was not securely stored by the company.
A 21-year-old man was arrested in the United Kingdom for this attack but it isn’t known if he worked alone. He claims he stole the information to highlight lax security but this could be an attempt to conceal more nefarious motives. (Forbes, 12-15-15)
VTech claims it modified security settings after the attack but Troy Hunt, a web security specialist who teaches professional courses and speaks worldwide, says, “Despite their assurances that their system is now secure, they still have gaping holes that allow every kid to be matched with every parent.” Hunt recommends that all the information be taken offline until VTech properly fixes the glitches that allowed the data theft. He says, “You just can’t take chances with other people’s data in this way, especially not when they’re kids.” (TroyHunt.com, 11-28-15) Since VTech isn’t doing this, parents should consider deleting their children’s accounts and putting the gadgets away until the issue is fully resolved.