Parents, beware: Your child’s kid-friendly gadgets may not be as safe as you think.
On Friday, the Chinese company VTech, which specializes in children’s tablets and other gadgets, said that its server was breached and that customers’ personal information was jeopardized.
Now, it appears that pictures of children taken with its tablets were included in that data breach.
While the company acknowledged that the breach affected a server that stored names, emails, encrypted passwords, addresses, download history, and IP addresses, the company did not originally say how many people were affected.
More importantly, VTech didn't mention any images that were compromised.
As many as 5 million parents and 200,000 children had their personal information exposed, according to Motherboard, who first reported the story and is in contact with the hacker responsible for the breach. VTech confirmed those figures on Monday. And now it appears that other sensitive data was also exposed, including pictures of children and their parents, as well as chat messages and audio recordings exchanged between the two.
Motherboard reports that the hacker who found the vulnerability in VTech’s servers also found a vulnerability in the way the company secures information shared on its Kid Connect platform, which is a service that lets parent use a smartphone app to exchange messages, pictures, and stickers with their child, who uses a VTech tablet.
VTech promotes its Kid Connect service as a way for kids to safely join in digital communication, but the hacker claims he found tens of thousands of pictures of children and their parents, as well as chat messages and some audio files.
Motherboard reports that the hacker shared some 3,832 image files with them as proof of the data being vulnerable, however, the hacker said he does not plan on publishing any of the data.
It's unclear why the company was storing this data on its servers. Tech Insider reached out to VTech for comment and will update the story as soon as we hear back.
On Monday, attorney generals for both Connecticut and Illinois separately said that they will be investigating the breach, but did not clarify if they were cooperating with other states, according to a Reuters report.
