NEWS
NEWS
NEWS
Bad to worse: VTech hack data includes kids pictures and chat logs
The news for children’s toy maker VTech Holdings Ltd. went from bad to worse Monday with the disclosure that a data breach included photos of children and their chat logs.
Disclosure of the hack of VTech’s Learning Lodge, its app store for its range of electronic children’s products catering to infants through preschoolers, first came to light over the weekend, but the depth of the data obtained wasn’t known … until now.
The hacker behind the data theft spoke to Motherboard and said that the company had left other sensitive data exposed on its servers, including kids’ photos and chat logs between children and parents. The specific data is said to come from VTech’s Kid Connect, a service that allows parents using a smartphone app to chat with their kids using a VTech tablet.
It’s not entirely clear exactly how many pictures were exposed, but the hacker added that he was able to download more than 190GB worth of photos from VTech, putting the estimated figure around at least in the tens of thousands.
The chat messages obtained consisted of exchanges between parents and their children and included messages such as “Roses are red vilets [sic] are blue and I love you. Mommy and daddy,” and “You are my HERO!Daddy!100 percent!”
All of the messages and photos are said to include attached information that would allow the children and their parents to be identified.
Moral hacker?
The only possible solace from the hack is that it would appear, at least on the surface, that the hacker who obtained the data may not be intending to use the information for nefarious activities.
“Frankly, it makes me sick that I was able to get all this stuff,” the hacker told Motherboard. “VTech should have the book thrown at them.
“I can get a random Kid Connect account, look through the dump, link them to their circle of friends, and the parent who registered at Learning Lodge [VTech’s app store] … I have the personal information of the parent and the profile pictures, emails, [Kid Connect] passwords, nicknames … of everyone in their Kid Connect contacts list.”
VTech, for its part, has taken down a range of sites and online services “as a precautionary measure” until such time as it can fix its security issues, which as noted previously appear to have included a failure to use SSL, a six-year-old version of the .NET framework and an easily accessible database.
Image credit: greggoconnell/Flickr/CC by 2.0
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
