You’ll need to pardon our rant, and if you are easily offended, you may want to skip this article. Because we want to know who the hell lets their kids register their personal information, including home address, pictures, and other personally identifying information or – even more mind-boggling – registers this information for their kids, online?
We’ve talked about the dangers of letting kids be on the Internet since almost before there was an actual Internet. It’s well known that children are the most vulnerable, and the most at risk, of any online population, once they get online. It’s why even Facebook, user-hog that they are, won’t let kids under 13 register for an account.
And yet millions – MILLIONS – of parents blithely hand their kids, many well under the age of 11, VTech toys that require them to register online, and to give up all of this personal information, including home addresses and dates of birth, and then they let them use this system – a system that encourages them to upload profile pictures of themselves, and have online chats!
WHO THE HELL ALLOWS THEIR KIDS TO DO THIS??
In case you haven’t guessed by now (and you should have, as the headline of this article is “VTech Toy Hacker Gets Personal Information of Over 6million Children”), a hacker hacked into electronic toymaker VTech’s system, and got the personal information of 6.4 million children, along with 4.9 million adults (their parents), along with head shots and chat messages.
How many ways do you think that data can be misused? Wait, stop thinking about it, because it quickly goes down a very dark path.
According to the Wall Street Journal, nearly half (46%) of those accounts belonged to children and parents in the United States, with those in several other countries making up the balance (18% are in France, 12% in the U.K., 8% in Germany, with 5% or less each for the rest of the countries).
According to a statement released by VTech about the breach, the kids’ profiles only include name, gender, and date of birth. However the kids’ profiles are connected to their parents’ profiles, and they include their home address.
Among other things, the hacker got, says VTech:
– Parent account information including name, email address, secret question and answer for password retrieval, IP address, mailing address, download history and encrypted password.
– Kid profiles include name, genders and birthdates.
– Encrypted Learning Lodge’s contents, including Kid Connect’s profile photos, undelivered Kid Connect messages, bulletin board postings and Learning Lodge content (ebooks, apps, games etc).
Now, you may be thinking “Well, it’s not so bad, at least the pictures were encrypted.
But you would be wrong. Because if they actually were encrypted, the hacker had no trouble decrypting them. In an excellent series of articles over at Motherboard, Lorenzo Franceschi-Bicchierai interviews the hacker, who shares some of the pictures with him.
Profile Pictures from the VTech Hack
In that particular article and interview with the VTech hacker, the hacker tells Franceschi-Bicchierai that “Frankly, it makes me sick that I was able to get all this stuff.” In another article he explains that he basically stumbled across this easily, and by accident, and just wanted to make the company aware of the extent of it.
This may all be true, in which case VTech got very lucky, and yes, they clearly need to ramp up their security.
But in the final analysis it’s still parents who are responsible for their kids’ safety, and it’s still up to parents to be aware of the risks of letting their kids on the Internet, and especially of putting personally identifiable information on the Internet.
If you or your child has ever registered anything through any of the VTech sites, including:
…then you should contact VTech at whichever below email address is applicable to you:
Australia and New Zealand: firstname.lastname@example.org
Hong Kong: email@example.com
Other countries and regions: firstname.lastname@example.org
And if you want to read a really detailed analysis of the VTech hack, check out Troy Hunt’s in-depth analysis of the VTech Hack.
|Get notified of new Internet Patrol articles!
You might also like some of our other articles: