By now you’ve probably heard of the VTech data hack that exposed the personal data and photos of upwards of five million customers and their children.
Consumer security expert Troy Hunt posted a detailed breakdown of the hack on his website. Going through it leaves you a little bit pissed off and how easy it appears to have been for this hacker.
As a documented fan of VTech’s young toddler toys, we have not yet branched out into their digital devices but now will likely do so in a more cautions manner.
The hack – conducted November 14 – was not noticed until more than a week later after a Canadian journalist asked VTech about the situation. That journalist was tipped off by the hacker himself.
“An unauthorized party accessed VTech customer data on our Learning Lodge app store customer database,” VTech released in a statement.
Learning Lodge is the way customers download content to their VTech devices.
“Our customer database contains general user profile information including name, email address, encrypted password, secret question and answer for password retrieval, IP address, mailing address and download history,” the statement continued.
They go on to stress it does not contain any credit card information or personal identification data (ID card numbers, Social Security numbers, etc.).
While that is somewhat a breath of fresh air, what isn’t so comforting is that they were unaware this had even happened until someone specifically asked them about it.
- It took over a week before VTech started investigating
- The company was unaware until asked by journalist
- Hacker himself tipped off the journalist. Claiming to only expose the company’s security shortcomings, not to actually utilize the data.
This clip from CBS This Morning explains the scenario quite well.
In an age when everything is going digital, we are freely turning over more and more data to companies who traditionally are not prepared or equipped to handle such information.
VTech saw an opportunity to create new and more highly engaged devices that allows parents to offer educational options to their children’s screen use. That alone is not bad. In fact – as shown by the breach – millions of parents believe VTech is offering beneficial products.
Yet, as the company offers more technical options, forcing us to turn over our information (and our children’s) there is an expectation they are also going above and beyond to protect it.
That was clearly not the case.
Our toddler is on the cusp of starting to use these types of products. As our world becomes increasingly digital, these types of problems will only continue. As parents, it is our job to hold these companies accountable to acceptable standards for holding the data that comprises of most of our family.
I hope VTech will make things right and will increase their security for the future. I hope this is a wake up call for their business and what their customer expects from them. I hope this is a wake up call for us as parents to understand that we are the gatekeepers for our kids. It’s harder to do every day but something we simply have to do.
Will you still purchase from VTech? How do you try to keep you families data safe?