Stories
Slash Boxes
Comments

SoylentNews is people

posted by cmn32480 on Sunday November 29 2015, @09:18PM   Printer-friendly
from the won't-someone-think-of-the-children dept.

VTech, a Chinese company that makes popular electronic toys for kids, had its app store hacked.

An "unauthorized party" accessed customer information in a database for VTech's Learning Lodge app store on November 14, the company said in a statement Friday. The app store lets parents download apps, games, e-books and educational content to VTech toys.

The database contains customer data including name, email address, password, IP address, mailing address and download history. It does not contain credit card information, the company said.

VTech has not said how many customers were affected, but Motherboard, which first reported the hack, said information on nearly 5 million parents and more than 200,000 kids was exposed. The hacked data included kids' first name, gender and birthday, according to Motherboard.

[...] Motherboard was notified of the breach by an unidentified hacker who claimed responsibility. The hacker said he intends to do "nothing" with the data, according to Motherboard. Hackers sometimes break into systems simply to demonstrate that the networks are vulnerable and need to be made more secure.

If the number of exposed accounts reported by Motherboard is accurate, the VTech hack would be among the largest breaches in recent years. In August, hackers published data from more than 30 million accounts that had been set up on adultery website Ashley Madison. The personal information of an estimated 110 million Target customers was stolen in 2013 by malware installed on the retailer's point-of-sale terminals.


Original Submission

Related Stories

UK Man Arrested Over Hack of Toy Maker 11 comments

An unidentified man has been arrested in England in connection with the hack of VTech, a Hong Kong toy maker:

Police in England said they arrested a 21-year-old man on Tuesday in connection with last month's breach of VTech, a Hong Kong electronic toy maker, which exposed personal data for 12 million people, including 6.4 million minors. Hackers also made off with profile photos and chat logs of millions of parents and their children.

British police said they arrested the man, who has not been identified, in Bracknell, a town 32 miles outside of London, for breaking England's Computer Misuse Act, including "unauthorized access" to a computer and data, according to a statement released by Britain's South East Regional Organized Crime Unit.

Last month, VTech said its online database store was compromised by hackers. Among the stolen data were names, email addresses, passwords, profile information, mailing addresses and download histories belonging to parents, as well as names, genders and birth dates of children. The breach was notable for the fact that children's personal information was compromised. Security experts say children are a frequent target for identity thieves because their clean credit histories can be used to apply for government benefits, open bank and credit card accounts and apply for loans.

But the hacker believed to be behind the breach told Vice's Motherboard blog that he did not intend to sell or use the data, but instead to draw publicity to VTech's weak security practices. The hacker told Motherboard that he was able to breach two databases, containing personal data for millions of parents and children, using a simple hacking technique called a SQL injection, in which hackers enter commands that prompt a database to dump its contents.

Previously: Hack of Toy Maker VTech Exposes Families


Original Submission

Hello Kitty Hacked 21 comments

Sanrio, which owns the $5 billion a year Hello Kitty merchandise empire, has fallen victim to a hack of SanrioTown.com, an online community for fans of Hello Kitty and other Sanrio characters. Data from users of SanrioTown and other portals including "first and last names, [birthday], gender, country of origin, email addresses, unsalted SHA-1 password hashes, [and] password hint questions" were leaked to the Web and discovered by security researcher Chris Vickery.

The breach is reminiscent of the recent VTech data breach that exposed up to 6.4 million children. A UK man was arrested over the breach last week. Children are reportedly better targets for identity theft due to their blank credit histories, although it is currently unclear how many users of Sanrio sites were children.


Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by aristarchus on Monday November 30 2015, @05:20AM

    by aristarchus (2645) on Monday November 30 2015, @05:20AM (#269608) Journal

    Just posting so that this article has at least one comment. Seems unfair to have an article that gets no comments. But then, maybe that is because it is only about a technical issue like data security, and not about sex-bots, abortions, or sensoring The Mighty Buzzard. And no, that is not a typo and for the record I am against it. No sensors on the M. Buzz. Expecially no live-feed video. But Unless, and Until, SoylentNews can get itself out of a funk about what kind of articles are posted, I predict more of the same of less. I don't want it, I just see it.

    And what the hell was a toy company doing with 5.2 million users data? Barbie. what is your opinion on this! "I'm made of Plastic, and it's fantastic, Bob." Over to you, Chuck Todd.

    • (Score: 0) by Anonymous Coward on Monday November 30 2015, @10:24PM

      by Anonymous Coward on Monday November 30 2015, @10:24PM (#269941)

      Well.. as far as online security is concerned, I have learned it is like calling people fat.

      Calling the disease for what it is doesn't seem to get people to start caring about the harm it does to themselves.

  • (Score: 0) by Anonymous Coward on Monday November 30 2015, @06:15AM

    by Anonymous Coward on Monday November 30 2015, @06:15AM (#269615)
    Did the hacker explain how to close the hole and have VTech acted on it? My son has a few of their gadgets but I don't think any that use their online services.
    • (Score: 3, Informative) by Popeidol on Monday November 30 2015, @11:55AM

      by Popeidol (35) on Monday November 30 2015, @11:55AM (#269676) Journal

      The hacker (Who apparently contacted Motherboard directly) says it was SQL injection leading directly to root access of the web/DB servers, which is pretty vague. Motherboard hit up Troy Hunt to see whether the breach was legitimate due to his experience in the area, and he was able to confirm it's legitimacy. He's got an interesting write up about the whole thing here. [troyhunt.com] The summary: He found a whole bunch of issues and notified vtech, but they go far beyond sanitizing data from web forms. He recommends taking the whole site offline until some fundamental issues are fixed.

      What he mentions in the article is ugly enough, the part he's withholding pending a fix must be horrific.

  • (Score: 0) by Anonymous Coward on Monday November 30 2015, @10:51AM

    by Anonymous Coward on Monday November 30 2015, @10:51AM (#269663)

    Don't worry, pedophiles are already on the job!