The VTech breach

VTech:

Our customer database contains user profile information including name, email address, password, secret question and answer for password retrieval, IP address, mailing address and download history. In addition the database also stores kids information including name, genders and birthdates. In total about 5 million customer accounts and related kids profiles worldwide are affected.

Over the last few years we’ve seen some pretty big breaches of security at the world’s largest retailers. You would assume, incorrectly, that these heists were incredibly elaborate and would require an incredible amount of sophistication to pull off. Most of the heists were of general sophistication to get to the data but once the data is found it has been easy to extract, parse, download, etc.

It is scary how much personal data companies are willing to store and not even try to encrypt or store securely. I’ve seen it myself and even warned several companies. None of them ever think it will happen to them.

Motherboard has more about the breach and some specifics as to how much, and of what make up, the over 190GB worth of data this hacker got from VTech was.