Motherboard has revealed this week that Chinese kids toy maker VTech was recently breached, losing personal information on 5 million parents and over 200,000 kids.
Among the data stolen were names, email addresses, passwords and home addresses for the parents and names, genders and birthdays for the kids. Sadly, the kids' information can be linked to their parents meaning their addresses and identities are completely exposed.
The breach is one of the largest of all-time, and shockingly VTech didn't know about it until Motherboard reached out to them. "On November 14 [Hong Kong Time] an unauthorized party accessed VTech customer data on our Learning Lodge app store customer database," Grace Pang, a VTech spokesperson, told the site at the time. "We were not aware of this unauthorized access until you alerted us."
Data from the breach has not showed up online, and the hacker behind the attack said they had no plans to use the data. They did explain that the attack was simple - an SQL injection - and they were quickly able to gain root access to database servers. The passwords were stored with a basic MD5 hash but plenty more of the data had been stored in plaintext including answers to "secret questions" and recovery email addresses, suggesting that your other accounts could be in trouble if someone malicious had accessed the data.
The breach is one of the largest of all-time, and shockingly VTech didn't know about it until Motherboard reached out to them. "On November 14 [Hong Kong Time] an unauthorized party accessed VTech customer data on our Learning Lodge app store customer database," Grace Pang, a VTech spokesperson, told the site at the time. "We were not aware of this unauthorized access until you alerted us."
Data from the breach has not showed up online, and the hacker behind the attack said they had no plans to use the data. They did explain that the attack was simple - an SQL injection - and they were quickly able to gain root access to database servers. The passwords were stored with a basic MD5 hash but plenty more of the data had been stored in plaintext including answers to "secret questions" and recovery email addresses, suggesting that your other accounts could be in trouble if someone malicious had accessed the data.
