Advertisement

VTech's data breach includes children's photos and chat logs

VTech's data breach is a lot worse than we initially thought.

News of VTech's data breach affecting nearly 5 million customers first broke last week, and now it appears other kinds of info were easily accessible to hackers. Motherboard reports that the company kept photos of parents and children alongside "a year's worth" of chat logs on its servers where prying eyes could easily find them. The same hacker that alerted Motherboard to the initial vulnerability late last week found that VTech left the images and conversations from its Kids Connect service exposed as well. The company says that while images and sound clips are encrypted with AES128, the chat logs were not.

While the hacker shared images with Motherboard, he said he doesn't plan to publish or sell the data, but wants to inform parents of the risks of using the devices. The initial report indicated that customer names, addresses, encrypted passwords and both birthdays and genders for kids weren't properly secured, so the addition of images and chat logs makes the issue much worse.

[Image credit: Gareth Cattermole/Getty Images]