However, kids profiles including names, gender and birthdays, as well as profile pictures and messages, were in the breached data.
Advertisement
The security of the encrypted files and images, however, depends on how well VTech protected the private decryption keys, and the release of images raises the question of whether the hacker obtained those as well.
The Hong Kong-based company has admitted that 10 million accounts have had data stolen – including the possibility of pictures of children. That is in addition to records for 4.9 million adult customers VTech had previously said were affected.
The company had earlier reported that the profiles of more than 200,000 children were hacked on November 14 from its Learning Lodge website, where children download apps and electronic books.
As well as the images it is purported that audio and chat logs were also downloaded by those responsible for the hack but, again, the company hasn’t confirmed if this is the case.
The anonymous hacker says it was fairly easy to break into VTech’s security, too. “Kid Connect is similar to a WhatsApp service”, it said in a statement.
Tod Beardsley, security research manager with Rapid7 Inc, said: “VTech is a toymaker and I don’t expect them to be security superstars”.
“Upon discovering the breach, we immediately conducted a comprehensive check of the affected site and have taken thorough actions against future attacks”.
The only saving grace of the cyber attack is that it appears no credit card information or personal identification data was included in the hacked data.
Attorneys general of CT and IL announced separate investigations of the breach, and Hong Kong’s Privacy Commission began a “compliance check” to determine if the company followed data privacy protocols.
Advertisement
This massive hack on VTech marks the biggest corporate cybersecurity breach in Hong Kong since 2011. While devices like kid-friendly smartwatches and tablets may block a child’s access to the bulk of the Internet, they’re still a potential target for hackers.
