The latest company to be devastated by a cyber attack is popular children’s toymaker VTech.
VTech are known for producing popular tablets and electrical toys for kids. The tablets include cameras and can run apps to enhance a child’s learning. Any data or chats made between VTech Kid Connect apps (which acts like a messenger service) have also been compromised.
The company, based in Hong Kong, has admitted that 10 million accounts have had data stolen which also include pictures of children.
Of the 10 million accounts that are registered, 6.3 million belong to children. 23,096 of these belong to children in Australia.
VTech confirmed in a statement, “We can confirm that on November 14 HKT an unauthorized party accessed VTech customer data on our Learning Lodge app store customer database and Kid Connect servers. ”
VTech admitted that the names, gender, birthdates and photos of children’s profiles were among the information stolen in the cyber attack.
VTech has been accused of not taking common steps to protect customer passwords. Security researchers found VTech stored customer’s passwords in a readable format.
On Monday, VTech emailed affected customers and said their passwords had been “encrypted” but it was hacker may have decrypted them.
Adult accounts that include names, mailing address, email address, password retrieval question, IP address and passwords are amongst the data that was stolen by the hackers.
At this stage Tech confirmed no credit card details have been stolen.
“Regretfully our database was not as secure as it should have been,” said the company, which informed the public on November 27th – thirteen days after it was first hit .
“Upon discovering the breach, we immediately conducted a comprehensive check of the affected site and have taken thorough actions against future attacks.”
Customers have been advised by email of the cyber attack.
VTech shared with customers,”Our investigation to date suggests the breach is on the server, not on the device itself. There is no evidence to suggest the toys are not safe at this time.
“We will continue to investigate and share more information as it becomes available.”
The latest cyber attack follows the recent attacks on Sony Pictures and Ashely Maddison. No known reason has been found at this stage on why VTech was targeted in this latest attack.
Mirror Online spoke to Raj Samani, Vice President at Intel Security about the VTech data breach. He suggested before parents invest in technology as presents this Christmas, understand how the toy interacts with the online world and ensure your child’s toy doesn’t share sensitive information to unknown viewers.
“Unfortunately, with children’s gadgets, security is rarely thought about,” he said.
“This Christmas, parents should take the time to understand how a toy connects and interacts with the online world, to make sure their child’s latest toy isn’t sharing sensitive information or broadcasting video to unknown viewers.
“This attack on VTech adds to the numerous data breaches and hacks that have hit the headlines this year, leaving swathes of sensitive customer details, in this case the details of children, in the hands of criminals.
“However, a breach such as the one VTech has experienced shouldn’t steer parents away from buying connected toys this Christmas.
But when considering which toys to buy, parents shouldn’t just focus on the price of gifts but also the potential security risks that could come with them.”
For the latest updates for the attack head to VTech’s official information page.