{"id":5187,"date":"2015-12-02T07:27:58","date_gmt":"2015-12-02T12:27:58","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/?p=5187"},"modified":"2019-11-15T15:24:20","modified_gmt":"2019-11-15T11:24:20","slug":"vtech-toys-hacked","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/vtech-toys-hacked\/5187\/","title":{"rendered":"5 Million VTech accounts hacked \u2013 kids&#8217; data exposed"},"content":{"rendered":"<p>Nothing says the holiday season like over-spending on toys and devices for our children. It really shows how much we care \u2013 right? Chances are, there is a toy or two on your kid\u2019s list that has some type of connection to the web. Hell, they may already have a half-dozen or so already.<\/p>\n<p>Raise your hand if your kid has a VTech toy that helps them with learning? It\u2019s OK to admit, we own a few. For those of you who raised your hand, you may want to sit down before reading on.<\/p>\n<p>On Cyber Monday,\u00a0<a href=\"https:\/\/threatpost.com\/data-on-5-million-users-compromised-in-breach-at-toy-maker-vtech\/115495\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">VTech announced that they were hacked<\/a>\u00a0some time in November, and that the hackers had compromised over 5 million user accounts on their network from one databases.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/hashtag\/parents?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#parents<\/a> Data on 5 Million Users Compromised in Breach at Toy Maker VTech: <a href=\"https:\/\/t.co\/iahrhCdiBp\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/iahrhCdiBp<\/a> via <a href=\"https:\/\/twitter.com\/threatpost?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@threatpost<\/a> <a href=\"https:\/\/t.co\/pxZ4k8PJez\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/pxZ4k8PJez<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/671397751477899264?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">November 30, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The hackers\u2019 bounty included usernames, passwords, IP addresses and downloads \u2013 pretty standard fare for a database breach, right? However, that was the least of what the hackers made off with. You see the hackers also were able to gain birthdays, gender and names of the children and also nabbed 190 gigabytes of photos that include tens of thousands kids\u2019 headshots.<\/p>\n<p><span class=\"embed-youtube\" style=\"text-align:center; display: block;\"><iframe class=\"youtube-player\" type=\"text\/html\" width=\"640\" height=\"390\" src=\"https:\/\/www.youtube.com\/embed\/_3PUu88nOcw?version=3&amp;rel=1&amp;fs=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;wmode=transparent\" frameborder=\"0\" allowfullscreen=\"true\"><\/iframe><\/span><\/p>\n<p>Yes, you read that right. Tens of thousands of photos of kids and parents \u2013 intimate photos that no one wants to fall into the hands of evil doers.<\/p>\n<p>According to the company\u2019s\u00a0<a href=\"http:\/\/www.vtech.com\/en\/media\/faq-about-data-breach-on-vtech-learning-lodge\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">FAQ statement<\/a>, the breach may impact users in the United States, Canada, United Kingdom, Republic of Ireland, France, Germany, Spain, Belgium, the Netherlands, Denmark, Luxembourg, Latin America, Hong Kong, China, Australia and New Zealand.<\/p>\n<p>Unfortunately, this story is still developing, so parents wondering if their family\u2019s account was compromised will have to stand pat and wait. We will share more info as we know it as will my colleagues Mike and Chris over at Threatpost so be sure to keep checking back.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-5189\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2015\/12\/05103538\/VTech.png\" alt=\"VTech\" width=\"2458\" height=\"1226\"><\/p>\n<p>At the time of writing this post, you can shop \u2019til you drop at VTech\u2019s online store. The company does not offer a disclaimer of the hack on their website\u2019s homepage, but could you blame them when you\u2019ve got the \u201cCyber Week Super Sale\u201d and \u201cMerry Must-Haves\u201d front and center?<\/p>\n<p>I love the smell of ecommerce in the morning, especially when buying for my kids. Ok \u2013 now that I got my sarcasm out of the way, the company does disclose the breach when you click on the \u201cDownloads\u201d section, which makes sense given that it is geared more to repeat customers \u2013 who potentially could be one of the 5 million.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-5190\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2015\/12\/05103536\/VTech-2.png\" alt=\"VTech-2\" width=\"2150\" height=\"1082\"><\/p>\n<h3>This sucks \u2013 what can I do?<\/h3>\n<p>Unfortunately, as we continue down the path of more connectivity, we are going to be slapped with the harsh reality that there are evil folks out there who will look to exploit vulnerabilities in the products. In a\u00a0<a href=\"http:\/\/www.cbronline.com\/news\/internet-of-things\/consumer\/vtech-hello-barbie-the-dangers-of-connected-toys-this-christmas-4741554\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">recent interview<\/a>, David Emm of our GReAT team opined:<\/p>\n<p><em>\u201cWe live in a connected world, where even our children\u2019s toys could become the means for personal data being captured by attackers. It\u2019s really important that, when considering such toys this Christmas, parents look beyond the fun aspect of a toy and consider the impact it might have on their child and the wider family.\u201d<\/em><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-5191\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2015\/12\/05103534\/emm1.png\" alt=\"emm1\" width=\"1000\" height=\"1000\"><\/p>\n<p>So how can we keep Suzie and Billy safe? Here are a four tips:<\/p>\n<ol>\n<li><strong>Guard your kids<\/strong>\u00a0\u2013 When it comes to exposing children to the Web and\/or connected devices it is a decision that can vary from parent to parent. However, we would urge you to do some research and decided what exposure you want out there when you are looking at exposing your children to the Web.<\/li>\n<li><strong>No real data<\/strong>\u00a0\u2013 Pop quiz: do you know why retailers ask for personal data when you sign up for a service or account to play online games? If you said \u2018to enhance the experience,\u2019 you are wrong. Sites that collect data use this to market to you, or sell the data to third party vendors, so that others can market to you. Think twice before giving them the leg up on your kids\u2019 data.<\/li>\n<\/ol>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-5192\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2015\/12\/05103533\/emm2.png\" alt=\"emm2\" width=\"1000\" height=\"1000\"><\/p>\n<ol start=\"3\">\n<li><strong>Photos are priceless<\/strong>\u00a0\u2013 You know that saying, a photo is worth 1,000 words? While it may or may not be true, your kid is priceless. No one should be looking at photos of them, unless you want them to.<\/li>\n<li><strong>Smart, not secure<\/strong>\u00a0\u2013 We live in an age where everything from a Barbie to a fridge can be \u201csmart\u201d and connected. However, the downside is that in the creation of these devices, security is often not top of mind for the companies. If you don\u2019t believe us, read up this tale that discusses\u00a0<a href=\"https:\/\/securelist.com\/analysis\/publications\/72595\/surviving-in-an-iot-enabled-world\/\" target=\"_blank\" rel=\"noopener noreferrer\">hacked baby monitors<\/a>.<\/li>\n<\/ol>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Read about how I hacked my own home! Full research paper here! <a href=\"https:\/\/twitter.com\/hashtag\/iot?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#iot<\/a> <a href=\"http:\/\/t.co\/WXAXkDJWfK\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/WXAXkDJWfK<\/a><\/p>\n<p>\u2014 David Jacoby (@JacobyDavid) <a href=\"https:\/\/twitter.com\/JacobyDavid\/status\/502436832089747456?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">August 21, 2014<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<div class=\"entry-content\">\n<div>\n<p>At the end of the day, you are your best ally against cybercrime. The less you share, the less there is to get out there. As always we\u2019re here to help and if you want to keep up with the latest news, be sure to follow us on Facebook or Twitter to keep up with the latest news.<\/p>\n<\/div>\n<\/div>\n<div class=\"social-likes social-likes_visible social-likes_ready\"><\/div>\n<p>\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Nothing says the holiday season like over-spending on toys and devices for our children. It really shows how much we care \u2013 right? Chances are, there is a toy or<\/p>\n","protected":false},"author":636,"featured_media":5188,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5,9],"tags":[1737,2088,872,82,89,90,43,886,1093],"class_list":{"0":"post-5187","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-tips","9":"tag-advice","10":"tag-tips","11":"tag-breach","12":"tag-hacking","13":"tag-kids","14":"tag-parents","15":"tag-privacy","16":"tag-private-data","17":"tag-vtech"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/vtech-toys-hacked\/5187\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/vtech-toys-hacked\/6354\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/vtech-toys-hacked\/6501\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/vtech-toys-hacked\/6426\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/vtech-toys-hacked\/7310\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/vtech-toys-hacked\/7006\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/vtech-toys-hacked\/10697\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/vtech-toys-hacked\/5072\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/vtech-toys-hacked\/9762\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/vtech-toys-hacked\/10697\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/vtech-toys-hacked\/10697\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/advice-2\/","name":"advice"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/5187","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/636"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=5187"}],"version-history":[{"count":2,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/5187\/revisions"}],"predecessor-version":[{"id":14908,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/5187\/revisions\/14908"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/5188"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=5187"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=5187"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=5187"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}