VTech didn't properly secure passwords, 6M reportedly exposed

Security researchers said passwords weren't properly scrambled and hashed
Security researchers are accusing the toy giant VTech of not properly securing customer passwords, leaving what is now being reported as more than six million accounts exposed.

Rik Ferguson, Vice President Security Research with Trend Micro, told the BBC that VTech didn't properly scramble customer passwords in its database and also stored customers' security questions and answers in plain text. The toy company also used a vulnerable algorithm to “hash” its customers' passwords, the researcher said.

"They made a poor choice. The MD5 algorithm has been known to be flawed for a decade," the BBC quoted Ferguson as saying.

As a result, a hacker was able to access names, email addresses, passwords, home addresses, secret questions and answers for password retrieval, IP addresses, mailing addresses, download history and 190GB worth of photos from the company's website. The hacker told Vice's Motherboard that the purpose of the attack was to expose the security flaws and ensure they were patched.
