The fourth largest consumer data hack in the world exposed in excess of 200,000 children’s personal information along with the personal information of almost 5 million parents. The data breach occurred on November 14th when a hacker broke into the servers of a Chinese company supplying the well known toy brand V-Tech.
Such is the extent of the data breach it is possible to connect the children’s names to their parents, revealing their full identity along with their addresses, birthdays and their even their passwords on the website.
The breach came to light when the hacker approached Motherboard with the information, (Motherboard is an “online magazine and video channel dedicated to the intersection of technology, science and humans”) and reported what he had just done. The Chinese Company were unaware of the breach until they were approached by Motherboard.
When the hacker was questioned by Lorenzo Franceschi–Biccierai Motherboard, to discover the intended use of the information, the hacker replied “Nothing” It appears that the Hacker wanted to expose the poor standard of data protection on the website in question.
Motherboard recruited security expert Troy Hunt who maintains the website, “Have I been Pwned” where people can review if their personal information has been hacked. Hunt reviewed the data breach to discover that the website was simply not encrypted enough and the website hack was very easy to complete.
Hunt makes the point that it is not good enough to improve website security after the horse has bolted. The protection of personal information should be taken very seriously, particularly where children’s information is involved.