Last week, we reported on the massive security breach of VTech Toys that left almost five million parents and nearly a quarter million children’s info exposed online. The story was disturbing enough, but new revelations paint a picture even more dire.
Motherboard has been in protected communications with the VTech hacker since shortly after the original breach occurred. During the weekend, the aforementioned hacker revealed that he was also able to very easily access a virtually unprotected trove of chat logs between the compromised children and their parents.
Worse yet, the hacker was able to just as easily obtain “tens of thousands” of pictures of those children and their parents. This was all available because of VTech’s Kid Connect, a service that allows parents to chat with children on their tablet via a smartphone app.
Despite encouraging parents and their children to take headshots of themselves for use with the service, VTech has placed very little value on the protection of that very intimate level of information.
Even the hacker himself was disgusted. After sharing nearly 4,000 pictures with Motherboard to prove his findings, the hacker lamented the deplorable lack of security in place:
Frankly, it makes me sick that I was able to get all this stuff…Vtech should have the book thrown at them.
Along with the chat logs and photos are actual audio logs of the children communicating with their parents. This information can, for the most part, be traced directly back to the usernames to whom it belongs, and thus link to the real names and addresses of these kids.
VTech has yet to reveal exactly why they stored all of this data in the first place, playing their own cards pretty close to the chest. The Chinese company’s sudden obsession with their own privacy is as infuriating as it is ironic.
Nate Church is @Get2Church on Twitter, and he can’t become a wildly overhyped internet celebrity without your help. Follow, then retweet and favorite everything he says. It’s the Right Thing To Do™!