Vtech confirm 4.8million customers hacked
Vtech, the provider of tech and toys to kids, have confirmed that they've suspended trading after a hack that saw 4.8 million customer details stolen. A spokesperson said that an “unauthorised party” accessed the data that was in VTech's Learning Lodge app store last month.
The information that was included was profile info, which includes names, addresses, IP addresses, email addresses, history of downloads and secret answers to security questions. No password information was taken, and no credit card info was affected either.
Security analyst Troy Hunt, has looked into all this, and said that the passwords were not encrypted, like Vtech claimed: "Once the passwords hit the database, they’re protected with nothing more than a straight MD5 hash, which is so close to useless for anything but very strong passwords (which people rarely create), they may as well have not even bothered. The kids’ passwords are just plain text."
"The vast majority of these passwords would be cracked in next to no time; it’s about the next worst thing you do next to no cryptographic protection at all."
This follows what seems to be an endless series of hacks, with the most notable happening with TalkTalk.
Hunt continued: "Despite the frequency of these incidents, companies are just not getting the message; taking security seriously is something you need to do before a data breach, not something you say afterwards to placate people.”
Obviously, you should change your passwords and the like if you think this affects you. If you have any queries, Vtech's UK number is 01235 546810.
Fax: (01235) 546804