Police make arrest in hack of toymaker VTech, which exposed data on 6 million kids

[InfoSec News <alerts () infosecnews org>]

http://www.chicagotribune.com/business/ct-vtech-toy-hack-20151216-story.html

By Andrea Peterson
The Washington Post
December 16, 2015

Police in Britain arrested a 21-year-old man Tuesday as part of an 
investigation into the massive hack against Hong Kong-based toymaker 
VTech.

VTech sells popular toys for young children, including smartwatches and 
tablets. The November breach of several company databases exposed 
information about approximately 5 million adults and more than 6 million 
children around the world, including names, genders and birth dates. The 
tech website Motherboard reported that pictures, chat logs between parents 
and their children, and audio recordings also were leaked, but the company 
has said it "cannot confirm" that data was reached by the hacker.

VTech's systems were reportedly vulnerable to a well-known hacking 
technique. The alleged hacker told Motherboard that he attacked the 
company and then went to the media to highlight its poor security 
practices.

The incident raised new questions about the digital security of toys at a 
time when big corporations are increasingly marketing dolls and other 
devices that connect to the Internet and collect data about children. This 
month, researchers publicly disclosed security problems with Hello Barbie, 
a new doll that relies on artificial intelligence and an online connection 
to carry on conversations with children. ToyTalk, the company that Hello 
Barbie's voice features, worked with the researchers to help fix "many of 
the issues they raised" before they were revealed.

[...]



--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/