Hello Barbie” dolls has not received the warmest of welcomes (at least here in Germany – but I’m sure elsewhere, too).
On the other hand you also want your kid to have the latest and coolest toys, right? And those often are more gadgety than ever before and involve lots of technology. That’s nothing bad per se but as so often, security for devices which require web access and online accounts is not what it should be – as can be seen when looking at the VTech Learning Lodge data breach.
VTech is a Chinese tech company that provides electronic learning products for kids. A sign up for their Learning Lodge online system is required for some of their toy’s features.
“When it’s hundreds of thousands of children including their names, genders and birthdates, that’s off the charts. When it includes their parents as well – along with their home address – and you can link the two and emphatically say “Here is 9 year old Mary, I know where she lives and I have other personally identifiable information about her parents (including their password and security question)”, I start to run out of superlatives to even describe how bad that is,” says security expert Troy Hunt on his blog.
He goes on and explains the breach in length, mentioning that the data was barely if at all encrypted and that there was no SLL anywhere.
So how bad is the breach? Well, names, email addresses, encrypted passwords, secret questions and answers for password retrieval, IP addresses, mailing addresses and download histories are amongst the leaked information and around 4,8 million families from around the world are affected. But that’s not all: In addition the names of around 227,000 kids as well as their gender and birthdays are in the mix, too. Oh – and let’s not forget the kid’s headshots and private chat messages …
Data breaches are everywhere recenty. This one should make parents think about how much of their kid’s data they want to put on the internet though. Once it’s out there, everything could happen with it.