Toy Company VTech Left Millions of Parents, Children Vulnerable to Security Risk

By Kyle Piscioniere December 01, 2015

A Chinese toy manufacturer’s loose security has led to a massive breach of user data for both children and parents. VTech’s lax security measures not only left about 5 million parents - but also more than 200,000 children’s personal data vulnerable.

When one hacker noticed those security oversights, they took advantage of the unprotected network. With a simple SQL Injection – one of the oldest, simplest hacking methods – that hacker accessed reams of user data. Thankfully, rather than selling the massive amount of information, the hacker contacted Motherboard writer Lorenzo Franceschi-Bicchiera, who broke this story.

The data breach gave the hacker almost unparalleled information. Parents’ email addresses and passwords, physical addresses, first and last names, login information, and IP addresses were all compromised. In addition, the hacker accessed security questions and answers of users, severely increasing the risk that other accounts could be hacked.

But the most haunting aspect of this breach, and the outlier from a security history standpoint, is the children’s data. The hacker accessed names, genders, and addresses of children, alongside headshots and voice recordings.

The children’s accounts were then easily matched to their parents’. That means almost 200,000 children could have irreplaceable data out in the ether. 

If this information had been previously accessed, or if other similar services are equally unprotected, then parents have a lot to worry about. The Internet is already a haven of untraceable illicit activity, the least dangerous of which is identity theft.

In addition, no other generation has had to deal with such severe security breaches at such a young age. If their information had been previously accessed, or if it’s somehow leaked further, then these children could grow into case studies of extended, unnoticed identity theft. 

VTech has been slow to respond to the controversy. Motherboard’s Lorenzo got redirected when bringing the data breach to the company’s attention and VTech is reportedly only grudgingly responding to the extended, serious backlash.

Security expert and advisor Troy Hunt has called for the site to go offline, even though the company claims to have bolstered security.

Today, the security community has again bashed VTech. In the wake of this most recent breach, slipstream/ROL – a popular, independent security researcher – found that VTech’s Android app is also poorly protected.

Readers with VTech accounts can learn if they’ve been hacked at this website




Edited by Stefania Viscusi
SHARE THIS ARTICLE
Related Articles

Mist Applies AI to Improve Wi-Fi

By: Paula Bernier    11/9/2017

Mist has created an AI-driven wireless platform that puts the user and his or mobile device at the heart of the wireless network. Combining machine le…

Read More

International Tech Innovation Growing, Says Consumer Technology Association

By: Doug Mohney    11/8/2017

The Consumer Technology Association (CTA) is best known for the world's largest trade event, but the organization's reach is growing far beyond the CE…

Read More

Broadcom Makes Unsolicited $130B Bid for Qualcomm

By: Paula Bernier    11/6/2017

In what could result in the biggest tech deal in history, semiconductor company Broadcom has made an offer to buy Qualcomm for a whopping $130 billion…

Read More

How Google's 'Moonshot' Could Benefit Industrial Markets

By: Kayla Matthews    10/30/2017

The term "moonshot" encapsulates the spirit of technological achievement: an accomplishment so ambitious, so improbable, that it's equivalent to sendi…

Read More

After Cisco/Broadsoft, Who's Next for M&A?

By: Doug Mohney    10/27/2017

Cisco's trail of acquisition tears over the decades includes the Flip video camera, Cerent, Scientific Atlantic, Linksys, and a couple of others. The …

Read More