As toys go high-tech, hackers are zeroing in on a particularly vulnerable target: children.

VTech, a Hong Kong-based company that sells baby monitors and digital learning toys such as children’s tablets, announced over the weekend that the data for 5 million “customer accounts and related kids profiles worldwide” were compromised as part of a cyberattack. The stolen data included names and birth dates of kids, mailing addresses, email addresses, as well as what e-books, learning games and other software were downloaded to toys, the company said in a statement posted online. Credit card information and Social Security numbers were not breached.

Troy Hunt, who runs a service that alerts consumers to data breaches, reviewed information provided to the tech site Motherboard by the alleged hacker and found it was possible to link the stolen data about kids back to their family’s last name and home address. Shares in VTech were suspended from trading early Monday, but resumed later in the day.

Privacy advocates warn that the VTech incident may be one of many online breaches that will involve children. Companies are increasingly producing and marketing high-tech toys that link dolls and games to the Internet – as well as information about the kids playing with them. But the VTech breach shows this data isn’t always being guarded well.

“Toy companies are rushing to cash in on the changing nature of childhood in the Big Data era, where Internet-connected toys are linking children to a vast surveillance network,” said Jeffrey Chester, executive director of the Center for Digital Democracy. “These playthings can monitor their every move, turning what should be innocent and pleasurable experience into something potentially more sinister.”

VTech sells popular toys mainly for young toddlers, including its Sit-to-Stand Learning Walker, Baby’s Learning Laptop and Kidizoom Smartwatch DX. The breach involved data collected by its Learning Lodge app store, where customers could download games and educational programs for some toys. The company took down the Learning Lodge website and as of Monday, consumers could only see a message: “Due to a breach of security on our Learning Lodge website, we have temporarily suspended the site.”

VTech is hardly the only company going high-tech. This holiday season, Fisher-Price has been hawking its Smart Toy Monkey as an “interactive learning buddy” that “talks, listens and remembers what your child says.” The company says on its website that “we never send voice data over the Internet.” The toy, however, checks a “secure server each day to see if there are new activities for your toy to learn” and remembers how engaged a child is with each activity.

The new “Hello Barbie,” a doll that uses artificial intelligence to learn about children and carry on real-time conversations, was released earlier this month – raising alarm bells for some consumer protection watchdogs. Mattel and ToyTalk, the company behind the doll’s voice features, have gone to great lengths to assure customers that information the doll collects will be safeguarded. But even the doll’s privacy policy acknowledges that they cannot promise the data will stay private.

