This site may earn chapter commissions from the links on this page. Terms of use.

Another 24-hour interval, another massive data breach involving the personal details of millions of unsuspecting people. Information technology's a footling different this time, though. Electronics and toy manufacturer VTech has close down its family-oriented Learning Society app shop after attackers managed to proceeds admission to the business relationship information of nearly five 1000000 adults and kids who had signed upwardly for the service.

Hong Kong-based VTech's kids toys include various toy versions of tablets, laptops, and even smartwatches. They're all positioned as educational toys and include integration with the VTech Learning Lodge app store for customization and new apps. In fact, to make just about any change to the included software, parents have to sign up for a Learning Lodge business relationship, making a login for themselves and their offspring.

The data nerveless by VTech varies a bit depending on the site used to sign up (there are several different portals to creating a VTech account). Herein lies the problem. It turns out that VTech wasn't doing a very good chore of keeping that account data secure. Co-ordinate to the visitor, hackers managed to access names, email addresses, habitation accost, IP address, download history, and password recovery questions and answers. Afflicted are consumers in the US, United kingdom of great britain and northern ireland, Canada, Germany, Communist china, and a number of other regions.

VTech says it has contacted all the affected customers, but it tin can't do much other than shrug and offer an amends. At least VTech doesn't have payment details, because otherwise those would probably have been leaked as well. Although, mayhap that's why VTech didn't take the security of its database seriously enough.

vtech hack

The alienation happened on November 14th, and has been cleaved down in exhaustive particular by security researcher Troy Hunt. The stolen data contains a regular CSV file with 4,862,625 rows (1 for each user account) with column headings like email, first_name, last_name, secret_question, secret_answer, and encrypted password. Yous may exist thinking, "Oh, practiced… at least the passwords were encrypted." Unfortunately, it's but a straight MD5 hash that can exist cracked in no fourth dimension. Everything else is in plain text, which is insane. Other CSVs incorporate data on the kids with IDs that connect them to the parent accounts, which have additional data.

This is a meaning blunder for VTech, and closing its app shop isn't going to undo the damage. It didn't take security seriously plenty, presumably because it was "merely" making kids' toys. They didn't even bother to utilize SSL. However, personal information is even so personal, and now a lot more than of it is floating effectually the Cyberspace.