A few days ago, a hacking incident was reported regarding tmaker VTech, where personal data of over 5 million parents and 200,000 children were stolen . The story seems to have further developed, as it has now been revealed that the hacker that was responsible was also able to obtain headshots and chat logs of the users from compromised VTech products.
In an encrypted interview with Motherboard, the hacker, who was asked not to be named, shared that VTech left other sensitive data exposed on its servers, like photos of children as well as chat logs with their parents. The data was reportedly gathered from 'Kid Connect,' a service that allows parents to chat with their children using a VTech tablet. The service also encourages kids and their parents to take headshots of themselves to be used in apps.
The data accounted for a whopping 190 GB from 2.3 million registered users. At this time it is unclear exactly how many images the hacker was able to find, as some are duplicates, but it's being estimated in the tens of thousands. Aside from the pictures, chat logs and audio communications between child and parents were found on the server. Despite being able to obtain all of the personal data, the hacker told Motherboard that he has no plans in any way to sell or publish.
"Frankly, it makes me sick that I was able to get all this stuff, VTech should have the book thrown at them" - hacker
According to the hacker, most of the acquired data like pictures, chat logs, and audio recordings can easily be traced back to specific usernames - making it easy for the hacker to identify the people involved. As a measure to prevent any more attacks in the future, VTech said in a press release that for the moment, it has shut down its most vulnerable portals such as the 'Learning Lodge,' along with many other VTech websites.
Source and Image via Motherboard