theITbaby

the IT city, the I.T. Baby

Vtech hack gave your passwords and email addresses

vtech brandsAny info you gave the company Vtech, which manufactures several children’s toys, has been compromised by a combination of hackers and lazy web site programmers. Passwords were stored in such a way that they’re decryptable, email addresses also, as well as answers to security challenges being stored in plain text.

Basically anything you gave Vtech you should consider it will be used against you on another site. For me, this means they have given away a password I use on kids sites, my mother’s maiden name, and where I used to work.

Although passwords were hashed into the Vtech database, there was nothing else done to them, so you can decrypt fairly easily using brute force methods. A method known as salting would have made it next to impossible to extract the hashed passwords, but they didn’t do that. Common hashed passwords can be figured out nearly instantly these days.

What they did was they treated a site that’s supposed to be safe like it was designed by a kid. Considering parents who buy Vtech probably aren’t security professionals, you can bet the passwords and information on there has probably been used elsewhere. So if you’ve used the same passwords anywhere else, go ahead and change them now.

Last thing you need is for your gift to a child being turned into a way for a hacker to get into your bank account.

Make sure in the future you never purchase your child a Vtech “my first network security terminal,” as I wouldn’t trust it based on previous results.

[BBC]

Paul King

Paul King lives in Nashville Tennessee with his wife, two daughters and cats. He writes for Pocketables, theITBaby, and is an IT consultant along with doing tech support for a film production company.