Look out Hello Barbie™, VTech has you beat, at least as far as privacy violations go. VTech is a very popular toy manufactuer of children’s electronics. Given their popularity, you would hope they would do whatever they needed to, in order to protect their users’ privacy. Think again. As reported by The Guardian, VTech was recently hacked, and not in a small way. In fact, this hack was large enough to affect millions.
With 6.4 million children and 4.9 million adults affected, this is the largest attack to target children in history. The information taken was a wealth of knowledge, and included things like names, genders, birth dates and addresses of children. Not surprisingly, many find this breach disturbing, and VTech has released a statement telling users not to worry because everything was encrypted.
Whereas that may be somewhat true, let us tell you about that statement. First of all, not everybody’s information was encrypted. Despite these claims, noted security analyst Troy Hunt found that over 227k of childrens’ records were not. Secondly, the “encryption” that VTech was using for adults is called an MD5 Hash. The problem that occurs is that method is almost useless the user creates a very good password. The childrens’ passwords were plain text. How many people do you know that actually make strong passwords?
Concerned over the scope of this breach, several US states are investigating VTech. Additionally, the Hong Kong privacy commissioner initiated a compliance check to see if the Hong Kong based company was keeping up the proper security procedures. Though it is not likely that this breach will destroy the company, it may be a while before many trust it again. A big question is, will this breach cause a decline in other items they make?
In the realm of cyber security, VTech is in it’s infancy. Unfortunately, there are hackers that are not. We hope that their breach and the others will encourage companies start paying attention. The alerts that the privacy community sound are not just paranoia, they are real threats. Companies like VTech need to wake up and get the message. Until that happens, we are certain to see more breaches. In the mean time, what we can do as users of the web is make sure we have strong passwords. Will this be a wake up call for families to start paying attention to their privacy? Time will tell.