Now even children’s toys are being hacked by criminals. Hong Kong toymaker VTech has announced that the data of 6.4 million children has been exposed. Cyber experts are calling the instance the largest ever hack to target young people.
VTech has stated that the cyber attack occurred on databases for its Learning Lodge app store and Kid Connect messaging system. Originally, it was thought that only 4.9 million children were affected by the attack, but new estimates are showing that number is probably closer to 6.4 million. The historic hack will likely prompt governments to pressure toymakers to take greater security measures.
Security expert Seth Chromick said, “This breach is a parent’s nightmare of epic proportions. A different approach to security for all organizations is needed.”
Meanwhile, the co-founder of cyber security company Veracode Chris Wysopal stated that the attack will likely serve as a wakeup call to families in realizing that their online data isn’t necessarily safe. In the past, several other databases have been hacked to expose the personal information of their clients.
According to VTech, any child profile that was hacked only included their name, gender and date of birth. However, parent accounts were more revealing, as those included names, addresses, email addresses, secret questions and answers for password retrieval, IP addresses, download history and their encrypted password.
Most of the VTech customers that had their data stolen reside in the United States. Residents of France, the United Kingdom, Germany, Canada, Spain, Belgium and the Netherlands also had their personal data exposed in the VTech breach.
So far, two states in the United States have launched investigations into the attack. Regulators in Hong Kong have also launched their own investigation.
Children’s privacy expert Shai Samet said, “This case will lead many toy companies to rethink their security protections for children’s data.”
Reports indicate that someone has already stepped forward taking responsibility for the hack. This unnamed individual has stated that nothing will be done with the information that was stolen. However, security experts are skeptical, saying that they find it hard to trust anyone who would compromise a secure network. Such stolen records typically sell for $1 to $4 each on black markets.