VTech Hack: It’s Not All Fun & Games
6.4 million children’s names, gender, birth dates, audio recordings, photos, and chat logs were revealed in what some are calling the largest hack affecting those under the age of 18. VTech, a leader in children’s electronic toys, revealed information about the the hack after Troy Hunt — a Microsoft MVP for developer security — initially discovered the vulnerabilities.
Although VTech claims customer credit card information was not accessed, the true long-term ramifications of an incident like this are unknown. Hackers now have access to photographs and recordings of children that can be easily associated with specific account names, alongside their login information — which might I remind you, doesn’t necessarily pertain to only VTech login information.
It’s become a publicly decried method, but consumers continue to be relentless about using similar (or carbon-copy) email / password combinations for numerous online personal accounts. A data breach, such as this one, now seemingly affects more than just VTech accounts: it now affects all accounts that the account email addresses are associated with.
Children are some of the easiest targets of identity theft (and fraudulent activity, in general) because hackers know that the repercussions of such a theft won’t be discovered until they turn 18. It’s not until that child becomes an adult that they’ll realize that they’ve had their identity stolen: the first time they sign up for a credit card, enter their social security number, set up a private bank account, run a credit score.
Children with disabilities are similarly affected by hackers in the same fashion. The attack is ostensibly invisible until the child becomes an adult, and either they or someone responsible for their personal information discovers that their entire identity was compromised years earlier.
What Can You Do This Holiday Season?
It’s not often that a major data breach around the holidays affects children — as most hackers target big-box retailers that receive considerable attention during the holidays — but the VTech breach itself is an unprecedented event that was deliberate in targeting children’s identities.
So, what can you do about it?
Here are three steps that will help:
When signing your child up for holiday activities and/or registering them for specific events across the internet, use your own personal information (name / phone / email) to ensure that your child is always protected.
When giving your child a toy or electronic device that requires an initial account registration, use extreme caution and be vigilant about knowing what information your child enters. Always substitute your own personal information for theirs and be sure to always use different passwords and email accounts that are associated with your child’s information.
Regardless of the activity, event, or registration, never give out your child’s Social Security Number. This is one of the most paramount pieces of identifiable information that your child will possess. If compromised, your child may not find out until they’ve become an adult that they’ve had their identity stolen.
Written by Peter J. Schaub
CEO – NeoCertified