[BITList] Fwd: The VTech kids data breach is a warning sign

Michael Feltham ismay at mjfeltham.plus.com
Thu Dec 3 14:02:21 GMT 2015 


> 
>  	
> View this on a browser <http://t.email3.telegraph.co.uk/r/?id=h1738c68e,35ec43c,35ec43d&WT.mc_id=e_DM68109&WT.tsrc=email&etype=Edi_Tec_New&utm_source=email&utm_medium=Edi_Tec_New_2015_12_03&utm_campaign=DM68109&p1=%40XG0vMSzDXcDS%2FN6Geo5TzxJQJWvEob2kFjbxM0HtETM%3D> or unsubscribe <http://t.email3.telegraph.co.uk/r/?id=h1738c68e,35ec43c,35ec43e&WT.mc_id=e_DM68109&WT.tsrc=email&etype=Edi_Tec_New&utm_source=email&utm_medium=Edi_Tec_New_2015_12_03&utm_campaign=DM68109&p1=%40yUYNUk8GIXJLxgitIalImA%3D%3D&p2=Edi_Tec_New>
>  <http://t.email3.telegraph.co.uk/r/?id=h1738c68e,35ec43c,35ec43f&WT.mc_id=e_DM68109&WT.tsrc=email&etype=Edi_Tec_New&utm_source=email&utm_medium=Edi_Tec_New_2015_12_03&utm_campaign=DM68109>
>  
>  	
>  	
>  	
> Thursday, December 3, 2015
>  
>  	
>  	 
> Techbriefing
>  
>  	
>  	 	 <http://t.email3.telegraph.co.uk/r/?id=h1738c68e,35ec43c,35ec440>	 	Follow us on Twitter
>  <http://t.email3.telegraph.co.uk/r/?id=h1738c68e,35ec43c,35ec441>	 
>  	WE NEED TO TALK ABOUT THE VTECH HACK <http://t.email3.telegraph.co.uk/r/?id=h1738c68e,35ec43c,35ec442&WT.mc_id=e_DM68109&WT.tsrc=email&etype=Edi_Tec_New&utm_source=email&utm_medium=Edi_Tec_New_2015_12_03&utm_campaign=DM68109>
> 
> This week, a hacker broke into the servers of well-known toymaker VTech, and accessed details of over 6.4 million children around the world, and almost 5 million parents. If you’ve got kids in the UK, you’re probably familiar with VTech’s toys: their child-friendly tablet, the Innotab, and colourful, easy-to-use cameras and smart” watches are some of the most popular.
> 
> The details the hacker found included the children’s names, gender and birthdates, along with parents’ names, email and postal addresses, encrypted passwords, and secret questions and answers, among other things. If you consider the report from security firm Kaspersky this week, which claims that 1 in 7 people use the same password for multiple accounts <http://t.email3.telegraph.co.uk/r/?id=h1738c68e,35ec43c,35ec443>, the hacker can probably log into parents’ social media, bank or e-commerce accounts easily.
> 
> Coming on the tail end of a year of high-profile hacks <http://t.email3.telegraph.co.uk/r/?id=h1738c68e,35ec43c,35ec444&WT.mc_id=e_DM68109&WT.tsrc=email&etype=Edi_Tec_New&utm_source=email&utm_medium=Edi_Tec_New_2015_12_03&utm_campaign=DM68109>, you’re probably thinking this is just another one. So it involves a few million people, which sounds like a lot, and it’s global – stretching from Latin America to China, but how is it that different from TalkTalk’s customer data <http://t.email3.telegraph.co.uk/r/?id=h1738c68e,35ec43c,35ec445&WT.mc_id=e_DM68109&WT.tsrc=email&etype=Edi_Tec_New&utm_source=email&utm_medium=Edi_Tec_New_2015_12_03&utm_campaign=DM68109> being breached or the Ashley Madison fiasco? Troy Hunt, Microsoft’s MVP for Developer Security, who investigated the breach and blogged about it, calls it breach fatigue. Our identities being stolen and re-sold online is the new normal”, he says.
> 
> But this is different. It’s a step into a nebulous world where children’s data has become as vulnerable as that of adults, who knowingly sign away their privacy when they share information with websites and apps. Of course, tech companies cannot expect kids to appeciate the privacy risks when using the internet.
> 
> VTech’s data was so poorly secured, that the hacker himself felt compelled to speak out against his victim  <http://t.email3.telegraph.co.uk/r/?id=h1738c68e,35ec43c,35ec446>in an anonymous interview. He revealed that he had been able to access thousands of photographs of children <http://t.email3.telegraph.co.uk/r/?id=h1738c68e,35ec43c,35ec447&WT.mc_id=e_DM68109&WT.tsrc=email&etype=Edi_Tec_New&utm_source=email&utm_medium=Edi_Tec_New_2015_12_03&utm_campaign=DM68109>, taken as they video-chatted their parents through the Innotab, as well as chat logs and audio recordings of conversations they had held. "Frankly, it makes me sick that I was able to get all this stuff," the hacker was quoted saying.
> 
> Although the company has taken down 14 websites, and suspended both its app store and social network, a look at its Twitter account  <http://t.email3.telegraph.co.uk/r/?id=h1738c68e,35ec43c,35ec448>shows its attitude – the last three days of Tweets have no mention of the hack, but are instead pushing holiday discounts.
> 
> VTech shouldn’t be allowed to continue to sell products to children this Christmas.  At least not until security experts can prove the systems are up to scratch rather than, as VTech itself has admitted mildly, not as secure as they should have been.”
> 
> As more children start to use the internet to communicate, learn and play, their data privacy needs to be ironclad. White-hat hackers, tech companies, security engineers and the media need to work together to raise awareness. As an increasingly online society, this should be our highest priority. 
> 
> This week's Technology Briefing was written by Madhumita Murgia <http://t.email3.telegraph.co.uk/r/?id=h1738c68e,35ec43c,35ec449>.
> 
> 
>  
>  	
> 
> 
> 
> 
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bcn.mythic-beasts.com/pipermail/bitlist/attachments/20151203/f6c26584/attachment.html>

More information about the BITList mailing list