Vtech the toy maker of a learning tool for children –
Their system has been breached and has leaked thousands of pictures of children along with parents information!
The first announcement of the leak came from : Motherboard.vice.com on November 27th.
Vtech had not recognized the attack and the resulting leak until the Motherboard Team alerted them!
This is another case of no network visibility or monitoring with a security strategy!
If they had a vigilant security policy the company would have seen the leak just by the sheer volume of the out flowing data to a single, outside IP address.
This leak like so many are only discovered when the data shows up on the Dark Web or a Hacker alerts someone like in this case.
The method of attack was a SQL injection that allowed a hacker to access the names, home and email addresses with access passwords and more for over 5 million parents and children including pictures of them. As many as 200K+ children’s name, birthdates, gender was compromised along with chat logs. The extent of this breach has not been fully determined. The best action is to shut down the site until it can be repaired and better protected!
The original revenue from this toy about $2 B, some of that profit should have been used to protect the network and applications where the children and families information was stored! The toy was data tool that should have had a secure transmission and storage protection on top of the network security!
A super site to test your email addresses and see what site have been hacker into is - https://haveibeenpwned.com/PwnedWebsites.