A Massive Breach Leaves Personal Information Relating to Children in the Hands of Cybercriminals
According to recent press releases, several states within the U.S. have opened investigations into a massive breach occurring at the educational toy company, VTech. VTech is a Hong Kong based, award- winning maker of electronic learning-based toys for children, and announced last week that it suffered an attack on November 14 that resulted in a breach of its Learning Lodge database.
Learning Lodge is a service provided by the company that allows customers to download a variety of learning games, e-books, apps and other educational content that directly relates to VTech products.
Motherboard was the first to report the news, last week, stating that the personal information of nearly one million adults and over 200 000 children was exposed, with victims in several countries including the U.S.
Amongst the information stolen was photos and chat logs from the company’s Kid Connect service, which allows adults to use their smartphones to chat with children using a VTech tablet.
Initially, the company made light of the news, releasing a simple statement on November 14 that indicated unauthorized access of customer data from the Learning Lodge website had taken place.
VTech admitted after the fact that they had known about the breach as early as the Tuesday before the announcement was made, and an investigation was triggered after the hacker responsible informed Motherboard of the intrusion and provided files containing the stolen data.
Lack of Protection
The intruders used an SQL injection in order to gain root access to the VTech servers, and stolen data includes a variety of information, including:
- names and emails
- street and IP addresses
- secret question and answer information
- customer download history
- names, genders and birthdays of children
Fortunately, the compromised data does not include more sensitive information, such as social security numbers, driver’s license numbers, or any credit card information, and according to VTech, all victims have been notified.
The Risk to Children
Professionals in the industry have commented, saying VTech has been incredibly irresponsible with their data management and protection practices, and their actions may, in fact, have put children at risk.
A very real threat to children comes from people they know, or who appear to know them, and having additional informational about them floating around increases the chances that a disparaging person will be able to successfully impersonate themselves as a safe person to the kids.
Stay up-to-date on the latest technology news. Contact QualityIP at (330) 931-4141 or email us at [email protected] to find out more about our managed IT services wherein we protect you from threats and handle all of your technology for a flat-rate monthly fee.