(C)Reuters |
“Frankly, it makes me sick that I was able to get all this stuff,” the unnamed hacker told Vice’s Motherboard in an encrypted chat. The hacker promises to do “nothing” with the data.
“It was pretty easy to dump, so someone with darker motives could easily get it,” the hacker said.
Parents communicated with their sons and daughters via Kid Connect, a chat service app on which identifying information – like the first name, birthday, and gender of more than 200,000 youngsters – was stored along with photos and further details regarding the account and household. Children aged 3 to 9 are the target demographic for VTech’s tablets, smartwatches and other devices.
VTech announced the November 14 hack on Friday. On Monday, the company removed itself from public trading in Hong Kong, where it is based.
The hacker downloaded 190GB of photos, estimating he has tens to hundreds of thousands of headshots.
“VTech should have the book thrown at them,” the hacker told Motherboard.
The hacker used an old method to gain total access to the consumer data known as an SQL injection, or SQLi. It is executed by simply entering commands into a website’s forms, causing hidden data to reveal itself.
According to Have I Been Pwned, a free web service showing which email addresses have been exposed in a hack, the VTech episode is the fourth largest consumer data breach in history.
“That’s very negligent,” Troy Hunt, creator of Have I Been Pwned, told Motherboard. “They’ve obviously done a really bad job at storing passwords.”
The VTech hack is larger than the January 2014 hacking of Snapchat, but is dwarfed by an October 2013 breach of Adobe, which affected 153 million usernames, email addresses and encrypted passwords
Source: RT
A lot of parents are at risk with this
ReplyDeletewhat a way for hackers to exploit people
ReplyDeletewhao
ReplyDelete