AfterDawn: Tech news

Kids toy co. VTech gets breached, details on 5 million stolen

Written by Andre Yoskowitz (Google+) @ 28 Nov 2015 10:16 User comments (1)

Kids toy co. VTech gets breached, details on 5 million stolen Motherboard has revealed this week that Chinese kids toy maker VTech was recently breached, losing personal information on 5 million parents and over 200,000 kids.
Among the data stolen were names, email addresses, passwords and home addresses for the parents and names, genders and birthdays for the kids. Sadly, the kids' information can be linked to their parents meaning their addresses and identities are completely exposed.

The breach is one of the largest of all-time, and shockingly VTech didn't know about it until Motherboard reached out to them. "On November 14 [Hong Kong Time] an unauthorized party accessed VTech customer data on our Learning Lodge app store customer database," Grace Pang, a VTech spokesperson, told the site at the time. "We were not aware of this unauthorized access until you alerted us."

Data from the breach has not showed up online, and the hacker behind the attack said they had no plans to use the data. They did explain that the attack was simple - an SQL injection - and they were quickly able to gain root access to database servers. The passwords were stored with a basic MD5 hash but plenty more of the data had been stored in plaintext including answers to "secret questions" and recovery email addresses, suggesting that your other accounts could be in trouble if someone malicious had accessed the data.

Previous Next  

1 user comment

130.11.2015 9:14

This is completely unacceptable as well, though due to crap laws, nothing will be done about it. The only self assurance I got is that I use fake profiles on my kids toys, so it won't affect me much; still for the other parents.

Comments have been disabled for this article.

News archive