Cyber-attack on Hong-Kong toymaker VTech affected about 5 million consumers' data
By Staff Writer
Hong Kong-based children's electronics maker VTech announced over the weekend that the cyberattack on November 14 has compromised the data for 5 million "customer accounts and related kids profiles worldwide."
According to the St. Louis Post-Dispatch, the affected data include names, children's birthdates, email addresses, mailing addresses, and the information on what softwares were downloaded to the toys. The company announced that social security and credit card numbers were not stolen.
Wired reported that 190GB worth of children's photos and chats in VTech's survers were left vulnerable to the cyber-attacks. According to VTech, it has already contacted the customers whose information were compromised, and that the company has already put up string measures to prevent further attacks.
Internet security expert Troy Hunt said the exposed data could give shady people have the capability to connect kids to their parents and pinpoint the house address of a child, according to The New York Times. He said that as a father of two, the cyber-attack on VTech made him think about the footprints his children will make online.
Privacy advocates fear that there are more hacks on sites that involves children, especially with the increasing companies that are linking toys to the internet. VTech's case shows that data aren't properly protected.
"Toy companies are rushing to cash in on the changing nature of childhood in the 'big data' era, where Internet-connected toys are linking children to a vast surveillance network," said Center for Digital Democracy executive director Jeffrey Chester. "These playthings can monitor their every move, turning what should be innocent and pleasurable experience into something potentially more sinister."
The attack was done on VTech's Learning Lodge app store, were people download educational programs and games for young toddlers' toys. As of Monday, VTech has taken down its Learning Lodge Website, notifying visitors it has been temporarily suspended.