One of VTech’s electronic apps was hacked recently. The hack on the Chinese toy and video game company happened on November 14, 2015.
VTech customer information was exposed in the hack, but according to Lorenzo Franceschi-Bicchierai of Motherboard, an unidentified person claims to be responsible for the hack and plans to leave the information alone; the hacker reported his hack to VTech, who apparently did not notice the attack:
“The hacked data includes names, email addresses, passwords, and home addresses of 4,833,678 parents who have bought products sold by VTech, which has almost $2 billion in revenue. The dump also includes the first names, genders and birthdays of more than 200,000 kids….
…The hacker who claimed responsibility for the breach provided files containing the sensitive data to Motherboard last week. VTech then confirmed the breach in an email on Thursday, days after Motherboard reached out to the company for comment.
‘On November 14 [Hong Kong Time] an unauthorized party accessed VTech customer data on our Learning Lodge app store customer database,’ Grace Pang, a VTech spokesperson, told Motherboard in an email. ‘We were not aware of this unauthorized access until you alerted us.’
VTech announced the breach publicly on Friday, but failed to disclose its severity. The press release doesn’t mention how many records were lost, nor that the passwords stolen are poorly encrypted, or that the breach exposes the identities of children….
…. The hacker said that while he doesn’t intend to publish the data publicly, it’s possible others exfiltrated it before him….”
Some parents are understandably upset with VTech; After all, the information revealed could possibly put any of the parents or children at risk of being targeted for kidnapping.
‘Why do you need know my address, why do you need to know all this information just so I can download a couple of free books for my kid on this silly pad thing? Why did they have all this information?” the victim, who is a father also living in the UK, told Motherboard over the phone. ‘If you can’t trust a company like that, then who can you trust with your information? It’s kind of scary.’ “
In addition, Motherboard and internet security expert Troy Hunt investigated the VTech website and discovered it to be poorly protected and without SSL encryption. Follow the link to Motherboard to read the whole story and details of what they found.
Here is an example of how hackers can use private information to target and threaten families. Back in 2012, the mother of pro wrestler Kurt Angle was a victim of a scam. TMZ reported the following:
“… his mother recently received a call from someone in the Domincan Republic who claimed her grandson was in a local jail and needed $4,000 STAT … or the consequences would be severe.
Angle’s mom… wired the cash and thought everything would be fine … until she got another call the next day … demanding an additional $4,000.
Mama Angle couldn’t afford the payment … so she contacted Kurt … who had a feeling the whole thing was a scam and reached out to the family member who was supposedly in danger.
Turns out, the family member was FINE and hadn’t been to the D.R. in over a year …
…Kurt tells us he has a feeling the people who duped his mom have an accomplice working near her home in Pittsburgh … because they knew about his family … and managed to find his mother’s unlisted phone number.”
What happened to Kurt Angle’s mom could happen to anybody, but because of VTech’s poor internet security, private phone numbers and emails may have been exposed even before this recent hack; any of these parents could be at risk of a scam.