Kids and parents beware: modern toys are another gateway to private data

The personal information of almost 5 million parents and more than 200,000 kids was exposed earlier this month after a hacker broke into the servers of a Chinese company that sells kids toys and gadgets.

That company is VTech, but the hack is not on the toys themselves: it’s on the servers that recolect parents and children data. And ancient vulnerability that allows SQL injection attacks and that has lead to the change to collect all this information from end users.

It’s not an isolated case.  There has been for example another problem with the “Hello Barbie” toy from Mattel, which audio files and connection data to servers could be hijacked (it’s not clear if there’s a real risk there according to Mattel partners on this feature). Wired told us a story about the IM-ME made from Mattel and repurposed for opening gare door, and My Friend Cayla could become a toy from an horror movie.

Security and privacy related news are so frequent on this days that we don’t pay much attention to day, but when those users are kids, things start to raise eyebrows. Maybe this is what we need to be aware of the dangers of this information and hyperconnection era.

Security must be seen as something important from the very beginning.  We must learn what secure by design means. And product and service makers should apply that idea to all their processes.

Source: One of the Largest Hacks Yet Exposes Data on Hundreds of Thousands of Kids

Author: Javier Pastor

Javier Pastor is a technology journalist that has been writing about tech since 1999. He started writing for PC Actual in Spain, the leading printed magazine in the country, and in 2006 started to write online. First as the Chief Editor for The Inquirer ES, and after that for MuyComputer until 2013. That year he became senior editor at Xataka, the leading tech news website in Spanish with over 5M uniques/month (Aug'15, comScore). Xataka is part of Weblogs SL, a blog network that gets over 40M uniques/month and that has a wide catalog of publications in Spanish. The Unshut is his new venture and allows him to express his opinions and thoughts on everything touched by technology, and follows what he has been doing at Incognitosis, his personal blog, since 2005.