Slashdot Mirror

← Back to Stories (view on slashdot.org)

VTech Hack Gets Worse: Chat Logs, Kids' Photos Taken In Breach (vice.com)

Posted by samzenpus on from the from-bad-to-worse dept.

An anonymous reader writes: The VTech hack just got a little worse. Reports say that in addition to the 4.8 million records with parents' names, home addresses, passwords and the identities of 227k kids, the hackers also have hundreds of gigabytes worth of pictures and chat logs belonging to children. ZDNet reports: "Tens of thousands of pictures — many blank or duplicates — were thought to have been taken from from Kid Connect, an app that allows parents to use a smartphone app to talk to their children through a VTech tablet. Motherboard was able to verify a portion of the images, and the chat logs, which date as far back as late-2014. Details about the intrusion are not fully known yet. The hacker, who for now remains nameless, told Motherboard that the Hong Kong-based company 'left other sensitive data exposed on its servers.'"

1 of 69 comments (clear)

  1. Re:Why were they storing these? by tlhIngan · · Score: 4, Interesting

    This corporate culture of "store everything" needs to go away. At least in the past, we had storage limitations that made this infeasible. But dammit, as a software engineer, if the system requirements tell me to store something that would be bad if it was released, then I'm not storing it unless there is a damned good reason AND it is well encrypted.

    Not to mention with child privacy laws, this sort of thing has to be well kept.

    For an example - take a look at Nintendo - we lambast them for "friend codes" and awkward DRM. But you realize that the intersection of various child privacy laws worldwide mean Nintendo basically cannot ask for any information - no name, no email address or anything.

    And by doing this, they just have to associate a hardware serial number (anonymous!) with purchases (also anonymous!). If you transfer to another console, it's moving the purchases to a new serial number.

    But this means you also cannot create an account and re-download stuff (because Nintendo doesn't know who you are), and if your console breaks, you have to bring it back to Nintendo (so they can move the stuff to a new serial number).

    Sure today you can create a "Nintendo Network" account that tries to associate your purchases with an ID, but that's optional and you still suffer the same limitations.

    it's the only way Nintendo could guarantee even if they were hacked, that there was no private data to take, and legally they couldn't collect any information.