Slashdot Mirror

← Back to Stories (view on slashdot.org)

VTech Hack Gets Worse: Chat Logs, Kids' Photos Taken In Breach (vice.com)

Posted by samzenpus on from the from-bad-to-worse dept.

An anonymous reader writes: The VTech hack just got a little worse. Reports say that in addition to the 4.8 million records with parents' names, home addresses, passwords and the identities of 227k kids, the hackers also have hundreds of gigabytes worth of pictures and chat logs belonging to children. ZDNet reports: "Tens of thousands of pictures — many blank or duplicates — were thought to have been taken from from Kid Connect, an app that allows parents to use a smartphone app to talk to their children through a VTech tablet. Motherboard was able to verify a portion of the images, and the chat logs, which date as far back as late-2014. Details about the intrusion are not fully known yet. The hacker, who for now remains nameless, told Motherboard that the Hong Kong-based company 'left other sensitive data exposed on its servers.'"

11 of 69 comments (clear)

  1. Mail or call the us office by Joe_Dragon · · Score: 2

    1156 W Shure Dr #200, Arlington Heights, IL 60004

    (847) 400-3600

    1. Re:Mail or call the us office by mwvdlee · · Score: 2

      To do WHAT exactly?

      --
      Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
  2. Numbers don't add up. by jtownatpunk.net · · Score: 2

    I keep seeing reports of this saying "4,800,000 parents" and "227,000 children". Can someone please explain this?

    1. Re:Numbers don't add up. by DarkSkiez · · Score: 2

      Simple answer: Not every registered parent (for maybe warranty or something) had registered children in the system.

  3. Even worse than that by WillAffleckUW · · Score: 2

    Expect fake lost kids emails and other much worse things.

    There is evil. And then there's Evil.

    This is the latter.

    --
    -- Tigger warning: This post may contain tiggers! --
  4. Re:Chat logs belonging to children . . . by Anonymous Coward · · Score: 2, Insightful

    People that exist, but neither you nor I would have any desire to meet.

  5. Why were they storing these? by MobyDisk · · Score: 4, Insightful

    The important question is why the data was stored on VTech's servers in the first place.

    THIS ^^^^^^^^ THIS

    This corporate culture of "store everything" needs to go away. At least in the past, we had storage limitations that made this infeasible. But dammit, as a software engineer, if the system requirements tell me to store something that would be bad if it was released, then I'm not storing it unless there is a damned good reason AND it is well encrypted.

    My kids have some vtech stuff. I downloaded their app that lets the toy know the child's name, birthday, and favorite food. But that's it. It never occurred to me that they would have any reason to store that information. Let alone storing photos and chat logs from devices that have that capability.

    WTF!!!!! I am anxious to hear about this. This is why I used to use a personal firewall years ago. Everything phones home. But now they are impractical.

    1. Re:Why were they storing these? by tlhIngan · · Score: 4, Interesting

      This corporate culture of "store everything" needs to go away. At least in the past, we had storage limitations that made this infeasible. But dammit, as a software engineer, if the system requirements tell me to store something that would be bad if it was released, then I'm not storing it unless there is a damned good reason AND it is well encrypted.

      Not to mention with child privacy laws, this sort of thing has to be well kept.

      For an example - take a look at Nintendo - we lambast them for "friend codes" and awkward DRM. But you realize that the intersection of various child privacy laws worldwide mean Nintendo basically cannot ask for any information - no name, no email address or anything.

      And by doing this, they just have to associate a hardware serial number (anonymous!) with purchases (also anonymous!). If you transfer to another console, it's moving the purchases to a new serial number.

      But this means you also cannot create an account and re-download stuff (because Nintendo doesn't know who you are), and if your console breaks, you have to bring it back to Nintendo (so they can move the stuff to a new serial number).

      Sure today you can create a "Nintendo Network" account that tries to associate your purchases with an ID, but that's optional and you still suffer the same limitations.

      it's the only way Nintendo could guarantee even if they were hacked, that there was no private data to take, and legally they couldn't collect any information.

  6. Re:Chat logs belonging to children . . . by Anonymous Coward · · Score: 2, Insightful

    "We have your son, Timmy. Here's a picture for proof. He says he really misses his dog Spot. If you want to see him alive again, wire $5000 to ..."

  7. breach fatigue by k6mfw · · Score: 2

    Every day I read about zillion emails and other personal information is hacked. Like MobyDisk asks why are they storing this stuff? I think companies should be liable for loss of personal information so then they will first think is it necessary to gather information. Then if they do they better have some damn good methods of keeping it safe. Yes, I have personal firewall on all the time. I also have computers that are never put online. Then these places ask for name, birthdate and address. I may give them name and address, birthdates are different than my actual.

    So now here's another hack and loss of data, ho hum, just another disaster in IT land, yawn. This can be serious. There might be a breach that will really screw things up and nobody will flinch.

    --
    mfwright@batnet.com
  8. Hows that Honda S2000? by Anonymous Coward · · Score: 3, Funny

    VTEC just kicked in yo!