The personal information of almost 5 million parents and more than 200,000 kids was exposed earlier this month after a hacker broke into the servers of a Chinese company that sells kids toys and gadgets.
That company is VTech, but the hack is not on the toys themselves: it’s on the servers that recolect parents and children data. And ancient vulnerability that allows SQL injection attacks and that has lead to the change to collect all this information from end users.
It’s not an isolated case. There has been for example another problem with the “Hello Barbie” toy from Mattel, which audio files and connection data to servers could be hijacked (it’s not clear if there’s a real risk there according to Mattel partners on this feature). Wired told us a story about the IM-ME made from Mattel and repurposed for opening gare door, and My Friend Cayla could become a toy from an horror movie.
Security and privacy related news are so frequent on this days that we don’t pay much attention to day, but when those users are kids, things start to raise eyebrows. Maybe this is what we need to be aware of the dangers of this information and hyperconnection era.
Security must be seen as something important from the very beginning. We must learn what secure by design means. And product and service makers should apply that idea to all their processes.