10 Things to Know About VTech Hack That Exposes Data of Kids, Parents
The hack of VTech is particularly worrisome because it exposes information on 5 million parents and children. Here is what is known about the attack.
When Did the Breach Occur?
According to VTech, its customer data, which was housed on its Learning Lodge, a place where users could download apps to its devices, was accessed on Nov. 14. The company didn’t find out about the breach, however, until approximately 10 days later, when a journalist inquiring about a hack brought it to VTech’s attention. It then examined the claim and the rest is history.
How Many People Were Affected?
So far, the VTech incident is said to have impacted 5 million people. While VTech has not broken out those figures, some reports suggest that the personal information of 4.8 million adults and 200,000 children was swallowed up by the “unauthorized party.”
Here’s What VTech Says Was Stolen
As of this writing, there is some debate over exactly what has been stolen. VTech says that its database was captured, providing the hacker with names, email addresses, IP addresses, mailing addresses and more. Among the children, the hacker was able to access names, genders and birthdates.
Here’s What the Hacker Says Was Stolen
In an encrypted interview with a reporter at Motherboard, the person alleging to be the hacker says the breach goes far beyond what VTech claims. In fact, the alleged hacker says that he or she was able to download nearly 200GB of images of children and parents, as well as chats between parents and kids. The Motherboard post includes photos of children and adults to corroborate the person’s claim. VTech, however, has yet to confirm that’s the case.
No Financial or Secure Information Was Taken
For now, it is believed that no financial information or Social Security data was stolen in the breach. VTech says that it does not “process or store any customer credit card data” through its Learning Lodge service, and it does not carry Social Security numbers of drivers’ license numbers. With names, addresses and photos, however, it may not be difficult for the alleged hacker to identify a person.
How Did It Happen?
One of the biggest questions is exactly how the hack happened. The person alleging to be the hacker shared precious few details on how it occurred, but it’s clear that VTech’s database was not adequately protected and standard encryption protocols were not followed. VTech says it’s still conducting an investigation, so it’s not saying how it happened.
VTech Is Looking to Improve Its Security
As part of its attempt to overcome its latest troubles, VTech says it is researching ways to improve the security of its platforms. The company didn’t say exactly how it plans to do so, but it says it will enhance its platform security and bring that security to its database as soon as it’s able. For the sake of VTech users, let’s hope that happens sooner rather than later.
VTech Has Shut Down Because of the Breach
VTech has shut down its Downloads section as a result of the data breach. The company’s Learning Lodge is inaccessible, and VTech has provided no insight into when it will be back up and running. For now, those who use VTech devices and rely on Learning Lodge are in a rough spot. Perhaps, though, that spot isn’t as bad as the one VTech is in.
Everything Comes Back to Software
When it’s all said and done, the issue impacted Learning Lodge and not VTech’s hardware. In fact, the company said that its hardware is secure and has not been breached as part of this hack. That is undoubtedly good news for those who own the company’s products, including baby monitors and other video devices.
This May Get Worse Before It Gets Better
As recent information leaks on the data breach show, the issue with VTech is likely to get far worse before it gets better. In the coming days, more information on the extent of the leaks is expected to be made public. In the meantime, the person alleging to be behind the attacks seems willing to talk about the exploit. It’s a massive issue for VTech that will only get worse in the near term.
VTech, the Hong Kong-based company that offers a wide range of kid-friendly products, has been hacked. And as time goes on and more details are shared, the hack is becoming even more ominous for parents and children around the world. The issue, however, is that it’s one of many hacks that continue to impact major companies. Sophisticated malicious hackers have the ability to compromise massive company servers and access data with ease. That data is oftentimes sold to interested parties on the underground Internet, leaving valuable information available to anyone. VTech, in other words, is just one in a long list of companies that need to get their security right. But it’s also the latest in that long list, and the breach is particularly scary because it involves information about parents and children. In this eWEEK slide show, we look in more detail at the VTech hack and what is known so far. The details of the VTech breach should strike fear into any company that houses personal information and worries about getting hacked.
Don Reisinger is a freelance technology columnist. He started writing about technology for Ziff-Davis’ Gearlog.com. Since then, he has written extremely popular columns for CNET.com, Computerworld, InformationWeek, and others. He has appeared numerous times on national television to share his expertise with viewers. You can follow his every move at http://twitter.com/donreisinger.