As a parent I felt it important to use this blog to cover this recent security breach and the implications for other parents who have registered a VTECH toy online.
You may have seen articles like the one below, but if you haven’t and you do have VTech toys, then I suggest that you check it out.
Whilst we have seen many data breaches in large corporations over the last couple of years, this one is particularly important because it exposes the information of children.
Not only could a child’s name, age and gender be determined, but also they can be linked to a parent along with addresses and other information. Even worse, it would appear that the breach now also includes photographs of children as they are often encouraged upload a photo as an avatar for their account.
There are many reports on this breach, but I think that Graham Cluley’s security blog is a good place to start:
VTech say they have closed the security breach, but unfortunately they’re “closing the stable door after the horse has bolted” as the data is already out there.
Experts also say that it isn’t that easy to secure this kind of fundamental flaw, and as a result VTech have had to take the vulnerable sites offline.
If you wish to check if your account has been compromised in this or one of the other high profile breaches then you can visit HIBP website and search for your email address. (Bear in mind that whilst you may not have any VTech toys around now, if you created an account even some years ago, then it may still be in their system.)