At first glance, you may be wondering why hackers would bother, but there are three major reasons for targeting toy companies. First, they are an easy target. V-tech representatives admit that the company’s security was subpar. Second, children tend to reuse passwords just like adults do, so getting a password for one site may unlock most, if not all the sites that child uses, and of course, some sites require payment for various features to be unlocked, or are purchasing portals, so the child’s information may inadvertently expose a parent’s credit or debit card information.
Third, and perhaps most chillingly, it could well be about the long game. A hacker need only wait until the child is old enough to get a credit card and then steal his or her identity. It’s not like it costs anything to store the data and wait, and given how easy it was to breach V-Tech and Hello Kitty’s security, that’s as good as being handed free money.
There are two tragedies rolled into one here. The first and most obvious is that not even our kids are safe from hackers, and nothing seems sacred to them. The second is that the breach could have been avoided. It’s not like V-Tech or Hello Kitty didn’t have ample warning or ample opportunity to protect themselves against such things. Online tech portals have been screaming from the rooftops all year about the dangers, and outlining the steps companies need to take if they want to be secure. V-Tech and Hello Kitty simply opted to do nothing with the information. That makes it somewhat difficult to feel sorry for them. They got lucky for a while, skating by with minimal security. Looks like their luck ran out. How’s security at your company? If you are unsure, a network audit is probably your best first course of action.