COSTA MESA (CBSLA.com) — As many as 5 million parents and 200,000 children may have may have had their personal customer information hacked into over the site for the popular electronic learning product company, VTech.
Names, emails, dates of birth, mailing addresses, IP addresses, passwords and download history for 5 million accounts were exposed as a result of the breach, according to a statement by VTech.
The exposure, however, goes much deeper than addresses and passwords.
A hacker was able to pull up photos taken of children with their parents, along with chats and audio recordings made with the “Kid Connect” service, according to the tech site CNET and the online magazine Motherboard.
President of Information Security Pros, Todd Plesco, explains that he is troubled by the massive breach.
“I’m not surprised,” Plesco said. “They’re using mobile applications. Most of these are based on the Nexus tablet, which uses Android-Four operating systems. So, reverse engineering the software isn’t that hard.”
Plesco went on to say that a name and a date of birth is all that is required for cyber thieves to access Social Security numbers.
“That could be used for everything from medical, to loans, to what have you,” Plesco said.
VTech suggests that no credit card information or Social Security numbers were taken in this specific incident, but Plesco says VTech did not do enough to encrypt customers passwords and data.
Hackers can sell personal information, allowing criminals to steal goods and identities, even with a child’s basic information.
“Before they reach the age of 18, the hackers could sit on the information and use it once your child turns 18,” Plesco said.
Experts suggest online customers do the following for purchases:
- Do not use a real date of birth.
- When the app asks for a mother’s maiden name, make one up.
- Use a different password from other accounts.
- Keep an eye on email accounts for spam, so that you can watch for targeted phishing attempts mentioning a child’s name.