In what is being called the largest known hack targeting children’s data, personal information for over 6.4 million children and 4.9 million adults has been compromised in an attack on VTech. The company, which produces educational electronic toys for children, has been feverishly assessing the damage for the last three weeks and has yet to restore online functions for its products.
Although VTech is also the largest manufacturer of cordless phones in the world, the hack on its children’s line has resulted in a nearly 15% drop in the company’s stock price and guarantees a future filled with credible lawsuits. All of this comes hot on the heels of the announcement that Mattel’s latest creation, the Wi-Fi-enabled Hello Barbie doll, can be hacked and turned into a surveillance doll to record conversations and personal information.
If anybody thought that children’s data was going to be left mostly untouched by hackers, this holiday season has become far more terrifying for parents. This hack not only sends shock waves through parent groups and businesses that deal with children’s data; it should also be a wake-up call to any business that assumes security is a non-issue, citing whichever arbitrary factor it might concoct in its defense.
Your company may facilitate sales of crude oil or handle the distribution for those cardboard spoons that are packed in with supermarket ice cream cups. Guess what? Hacking is unfocused.
The fact of the matter is that VTech was hacked because they left themselves open to it, not because what they had is particularly valuable or appealing. By protecting each password with nothing more than a straight MD5 hash, which is completely ineffective for password storage, VTech showed that they are utterly uninterested in protecting the privacy of parents and their children. While this hack was initiated by a 21-year-old who doesn’t appear to have any connection to the company, it could just as well have been a disgruntled employee, given how ineffectively the data was stored.
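To make the storage point concrete, here is an added example (not VTech's code, and not from the original article) that puts straight MD5 beside a salted, slow PBKDF2 scheme and shows how stored MD5 digests can be hardened in place and upgraded at the next login. The function names, record layout, sample password and iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256

def legacy_md5(password: str) -> str:
    """The weak scheme the article describes: one unsalted MD5 pass."""
    return hashlib.md5(password.encode()).hexdigest()

def _kdf(secret: bytes, salt: bytes) -> bytes:
    # Slow, salted derivation: every guess costs ITERATIONS HMAC rounds.
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS)

def wrap_legacy(md5_hex: str) -> dict:
    """Harden a stored MD5 digest in place, without knowing the password."""
    salt = os.urandom(16)
    return {"scheme": "pbkdf2(md5)", "salt": salt,
            "hash": _kdf(md5_hex.encode(), salt)}

def new_record(password: str) -> dict:
    """Native record for new accounts and for upgraded logins."""
    salt = os.urandom(16)
    return {"scheme": "pbkdf2", "salt": salt,
            "hash": _kdf(password.encode(), salt)}

def verify(password: str, rec: dict) -> tuple:
    """Return (ok, record); a wrapped record is upgraded on a good login."""
    wrapped = rec["scheme"] == "pbkdf2(md5)"
    secret = legacy_md5(password) if wrapped else password
    # Constant-time comparison avoids leaking how many bytes matched.
    ok = hmac.compare_digest(_kdf(secret.encode(), rec["salt"]), rec["hash"])
    if ok and wrapped:
        rec = new_record(password)  # drop the MD5 layer entirely
    return ok, rec

if __name__ == "__main__":
    # Constructed sample: two accounts that chose the same password.
    a, b = legacy_md5("sunshine1"), legacy_md5("sunshine1")
    print("unsalted MD5 digests identical:", a == b)
    ra, rb = wrap_legacy(a), wrap_legacy(b)
    print("wrapped digests identical:", ra["hash"] == rb["hash"])
    ok, ra = verify("sunshine1", ra)
    print("login ok:", ok, "| scheme after login:", ra["scheme"])
```

Wrapping lets every existing record be hardened in one batch job, so the unsalted digests do not have to remain in the database until each user next signs in.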
The idea that hackers are only fueled by monetary gain has been proven false time and time again in recent years, with major attacks often spurred by ego or by a desire to prove that companies are relying on outdated technology. Whether or not your company has to comply with the Children’s Online Privacy Protection Act is irrelevant; security is important, and sooner or later, your company will be tested.
From advanced firewalls and proper encryption methods to User Activity Monitoring software on all machines, an ironclad security infrastructure is composed of sturdy blocks that form a foundation. Leave one block out and the building is bound to eventually fall.