![\"VTech](\"https:\/\/c2.staticflickr.com\/6\/5677\/22869376853_86be1007fe.jpg\")
<\/p>\nAnd once again, the messy technical flaws of a company are being exposed with the recent VTech hack – it’s really not looking good for them with account passwords ‘secured’ with unsalted md5 hashes and all kinds of private information being leaked includes parents addresses, kids birthdays, genders, secret answers and associated meta-data (IP addresses, download histories and more).<\/p>\n
<\/p>\n
The attack originally claimed to have leaked only around 220,000 records – but it turns out to be way worse than that. 4.8 million parents and 6.37 million children \u2013 including 1.2 million users of its KidConnect messaging service.<\/p>\n
Names, home and email addresses, security questions and answers, and more information on millions of families worldwide have been swiped from a top toymaker’s database.<\/p>\n
And the birthdays, names, and genders of nearly a quarter of a million kiddies have been accessed, too.<\/p>\n
Chinese electronics giant VTech today admitted its systems were compromised on November 14. Miscreants were able to extract customer records from its Learning Lodge app store, which provides downloads of games, books, music and other stuff for VTech toys. The Hong Kong-based biz specializes in making computer-like gizmos for preschool kids to play with, settling them in for a lifetime of fondleslab smearing and internet addiction.<\/p>\n
Computer security bloke Troy Hunt says he has seen a copy of the swiped information, and reckons he found “4.8 million unique customer email addresses,” suggesting that many accounts have been raided by hackers.<\/p>\n
He also said people’s account passwords were one-way encrypted using MD5, a particularly weak hashing algorithm, meaning simple passwords can be easily cracked and revealed. No salting was used, so off-the-shelf rainbow tables can be used to divulge rudimentary passwords like “children15” or “welcome81”.<\/p><\/blockquote>\n