December 1st 2015
If any of your family members are online users of Vtech products, you and your children’s personal information may have been compromised in a hack on November 14th. The attack on the children’s toy and electronics company has exposed millions of customer details – including photos of children and chat logs. The company did not find out about the attack until ten days later via online magazine Motherboard, with whom the attacker had communicated.
The data is from the company’s Learning Lodge app database and Kid Connect service –which enables parents to chat with their children via a smartphone app and Vtech tablet. Parents and children are actively encouraged to take photos and use them in the app, on product tutorials.
The Hong Kong based company has confirmed that five million customers have been affected. It has also suspended trading in its shares on the Hong Kong Stock Exchange. It says that the hacker has told them that they had accessed archived chat logs but were not planning to release them. Vtech’s statement made no reference to photos or audio recordings, nor the names, genders, addresses and birthdays of many children alleged to have been compromised. It also said that no credit card or social security data had been stolen.
However, Motherboard has released what it claims to be an audio recording of a conversation between a child and parent, supplied to them by the hacker.
The magazine says that the personal data of nearly five million parents and more than 200,000 children was stored insecurely, together with thousands of photos and year’s chat logs.
Vtech is being slated by security experts for a lackadaisical approach to cybersecurity. Australia-based security researcher Troy Hunt said: "All communications are over unencrypted connections, including when passwords, parent's details and sensitive information about kids is transmitted."
The company has taken a number of its services offline as a precautionary measure.
Vtech has always been regarded as a leader in the field of technology products for children, with a range that includes cameras built into child-friendly laptops, tablets and a smartwatch.
The US states of Connecticut and Illinois are investigating the breach, but it is widely thought that it is the work of an ethical hacker working to expose the firm’s poor data protection.