Tuesday, 1 December 2015

VTech Hack Exposed Tens Of Thousands Of Photos & Chat Logs Of Parents, Kids

Screen Shot 2015-12-01 at 12.26.02 PMThe recent breach of popular children’s electric toy maker VTech compromised the personal information of nearly five million parents and children, but a new report claims the hack exposed even more sensitive information: photos and chat logs between children and their parents. 

The anonymous hacker taking credit for the Nov. 14 breach of the company’s Learning Lodge app store claims VTech left tens of thousands of pictures and a year’s worth of chat logs easily accessible to hackers, Motherboard reports.

The hacker says the new data came from the company’s Kid Connect service, which allows parents using a smartphone app to chat with their child using a VTech tablet.

Photos stored in the VTech server were the result of Kid Connect’s online tutorials that encouraged the 2.3 million registered users – both parents and children – to take headshots for use in the app.

VTech did not respond to Motherboard’s request for comment on the new revelation.

”Frankly, it makes me sick that I was able to get all this stuff,” the hacker told Motherboard in an encrypted chat. ”VTech should have the book thrown at them.”

The hacker, who provided more than 3,800 of the photos to Motherboard as verification, also found year-old chat logs between parents and kids and some audio files on the breached VTech servers.

The photos, chat logs and audio files, can easily be linked back to the personal account information previously exposed by the breach, the hacker says.

“I can get a random Kid Connect account, look through the dump, link them to their circle of friends, and the parent who registered at Learning Lodge [VTech’s app store],” the hacker told Motherboard, noting that he doesn’t plan to sell or publish the compromised data. “I have the personal information of the parent and the profile pictures, emails, [Kid Connect] passwords, nicknames…of everyone in their Kid Connect contacts list.”

VTech announced Monday that “as a precautionary measure” it had temporarily suspended the Learning Lodge and a dozen websites for a “thorough security assessment and fortification.”

Hacker Obtained Children’s Headshots and Chatlogs From Toymaker VTech [Motherboard]


by Ashlee Kieler via Consumerist

No comments:

Post a Comment