Updated! VTech, digital toymaker HACKED! 190GB of photos hacked into!

UPDATE: It has now been revealed that VTech stored details of almost 5 million consumers and 200,000 children along with pictures and chat logs on their OWN unencrypted servers.

All this sensitive information is now with hackers who have not only released these pictures to Vice's Motherboard but also put out an audio recording between a parent and a child that was part of the sensitive data that was swiped.

Photographs that Motherboard got access to were from VTech's Kid Connect application that allows children to chat with their parents via a smartphone app and a VTech tablet. Users are encouraged to use their headshots as profile images and these were the ones that were leaked along with accumulated chat logs from over a year, MotherBoard also had access to a few audio conversations that have not been verified by the company.

Hackers carve up 1800 Vodafone's customer accounts in fresh attack

What comes as a matter of great relief is that the hacker told Vice that he doesnt intend to sell the data but alarmingly, was able to download 190GB worth of pictures and shared a few thousand with the magazine to prove his point. 

The recent hacking of electronic toy maker VTech Holding's millions of customer accounts compromised truckloads of private and sensitive information and points to a scenario where hackers are winning the war against data security and encryption processes.

Hong Kong-based VTech's security lapse takes us back to not so long ago when a major hacking attempt on TalkTalk's database led to the loss of millions of customer accounts along with the sensitive information they contained. A major similarity between these firms is that they're big but not as big as the industry leaders who can afford to protect customer accounts through end-to-end encryption.

Government plans to end device encryption will hurt you, says Tim Cook

VTech sells electronic toys, baby monitors and children's tablets and retains confidential information of the parents as well as the children like names, email addresses, passwords, IP addresses, mailing addresses, download histories, gender and birth dates. As per the company, about 5 million customer accounts and details of children had been stolen by the hackers.

A major contributor towards success of the hack could be VTech itself. The firm certainly did not place end-to-end encryption of its data nor were its existing systems capable enough to thwart such an attack. This episode may have given us a peek at our future with the Government going all out to stop end-to-end encryption in the name of security. Once such encryption is removed, hackers find it much easier to infiltrate databases, steal confidential information and sell them in the online black market.

157,000 TalkTalk customer accounts exposed to recent hack

The Government’s approach towards ending encryption has earned the wrath of several industry stalwarts including Tim Cook. In an interview to The Telegraph, he said, "If you halt or weaken encryption, the people that you hurt are not the folks that want to do bad things. It’s the good people. The other people know where to go."

"We believe very strongly in end to end encryption and no back doors. We don’t think people want us to read their messages. We don’t feel we have the right to read their emails,” he added. We cannot agree more.

Fresh update:

The response of several US states including Connecticut and Illinois as well as of Hong Kong to the recent hack of VTech's customer accounts has made it clear that if confidential data stored by your firm gets hacked, you won't be a victim of but an accomplice to the crime.

The widely-reported hack of data stored by VTech's Kid Connect application compromised private and sensitive information of 6.4 million children and 4.9 million adults. What has irked these US states and Hong Kong is that the hacked data wasn't encrypted by VTech. These included names, email addresses, passwords, IP addresses, mailing addresses, download histories, gender and birth dates.

Stephen Wong, Hong Kong's Privacy Commissioner, has now made it clear that his office will investigate if VTech had abided by principles of data privacy.  Attorney-generals of Connecticut and Illinois have also confirmed that they will do the same to ensure such intrusions do not take place in the future.

“The disclosure of the scope of the breach is troubling,” said Connecticut Attorney General's office.

Leave a Comment