Hong Kong company VTech Holdings Limited has announced that its Learning Lodge app store has been hacked. The data breach may involve as many as 4.8 million accounts and include personal information on more than 200,000 children which brings a new level of concern about this particular data breach. Learning Lodge is an app store for high tech learning games and other educational toys for children.
The adult customer information compromised in the data breach includes names, email addresses, encrypted passwords, security questions and answers, IP addresses and mailing addresses. Although the passwords were stolen in their encrypted form, VTech used older, less secure encryption algorithms, which can be readily cracked by sophisticated cybercriminals. This means that the customers whose data was stolen are in particular danger if they, like so many people do, use the same password for multiple accounts.
In addition, the potential for exploitation of the children’s data stolen brings a new wrinkle to this data breach. Children’s names and birth dates could be tied to their parents through the stolen information thereby establishing a new avenue for identity theft and fraud. Spear phishing using this information, whereby malware containing emails could be made to appear legitimate, pose a real threat to the victims of this data breach.
Once again, people are becoming vulnerable to identity theft due to the lack of proper security measures by a company with which they do business. However, the failure of people to protect themselves by using unique, distinct passwords for each of their accounts substantially contributes to their risk of identity theft. The lesson is to remember that you should always have a distinct and unique password for each of your online accounts. It should be a complex password so that it cannot be broken by simple brute force attacks that use millions of guessable combinations such as any word in the dictionary or such common passwords as 123456. One good way to pick a complex password is to pick a phrase, such as “I Don’t like passwords” and turn it into the basis for a password by making it IDon’tLikePasswords. This password is already complex in that it has words and a symbol. Now add a couple of symbols at the end of the password so it may read IDon’tLikePasswords!!! and you have an easy to remember, but strong password. Now you can just adapt it for each of your online accounts with a few letters to identify the account. Thus, your Amazon password can be IDon’tLikePasswords!!!Ama and you have a strong, but easy to remember password.