Over the Thanksgiving holiday in the United States, the children’s electronic toy maker VTech confirmed a data breach that affects nearly 5 million parents and 200,000 children around the world.
The latest reports indicate that this data breach includes names and addresses of parents, names and ages of children, as well as videos, pictures, audio files, and chat logs. Independent analysis of the stolen data shows that it’s possible for all of the stolen information to be knit together so that attackers can potentially associate pictures, videos audio files, and chat logs with specific children, their parents and home addresses.
In a worst case, this means that the stolen data could be used to build profiles of children that include their name, age, parent’s name, home address, and (from chat logs) information that only a trusted adult would know such as a child’s favorite toy and the name of their siblings.
Right now, there is no indication that the worst case has happened: the attacker behind this data breach claims they are holding the data securely and won’t sell it. And there’s no sign of this data on criminal undergrounds that we monitor. But that could always change.
If you’re the parent of a child that’s used VTech devices, be aware of this situation and watch for more information from VTech on their website. VTech hasn’t provided much information but that could change as more details emerge. Additionally, be vigilant for phishing attempts against yourselves and your children. Products like Trend Micro™ Security have built in anti-phishing capabilities that can help safeguard your systems and devices against such attacks.
Even if your children haven’t used VTech devices, you should take time now and reexamine what information you provide about yourself and your children online. Even if your child isn’t online themselves, as a parent you are likely already building up their digital footprint: this incident shows what can happen when that data is stolen. When posting information about your children, all parents should ask themselves “what’s the worst that could happen if this is made public.” If you answer isn’t a good one, don’t post it. In particular, don’t post pictures and videos that are tied to your child’s identity, that provide information about your child’s physical location, or information that could make a stranger seem like a trusted adult.
And this is advice not just for parents but for everyone responsible for the safety and well-being of children. Grandparents, aunts, uncles, family friends: everyone is responsible for ensuring the online safety of children they care for by being mindful of the digital footprint they’re building for them.
As always we will watch this situation and provide any updates as more information comes out.
Please add your thoughts in the comments below or follow me on Twitter; @ChristopherBudd.
from Trend Micro Simply Security http://ift.tt/1O1cfCo
via IFTTT
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.