VTech hack is the first major attack to gain access to minors’ accounts

Computer code superimposed over people walking down the sidewalk.

Chat logs could open vulnerabilities, says UB cyber expert

Release Date: December 1, 2015 This content is archived.

Print
Arun Vishwanath.

Arun Vishwanath

“We often think about stolen information making credit cards and bank accounts vulnerable, but individuals can be targeted through other means, such as social media attacks or even selling the information that makes it easier to specifically craft attacks based on people’s lifestyles.”
Arun Vishwanath, associate professor of communication
University at Buffalo

BUFFALO, N.Y. – More than 200,000 of the 5 million accounts stolen in a cyberattack on the digital toymaker VTech belonged to children, and their archived chat logs from the site could potentially be stitched together to form a comprehensive profile, information that hackers could use to open credit card accounts, according to Arun Vishwanath, an associate professor in the Department of Communication at the University at Buffalo and an expert in cyber deception.

“And no one would even know anything was wrong until that child applied for credit on their own later in life,” says Vishwanath.

Vishwanath says this is one of the first major attacks that involves stealing information from minors, including passwords, personal photos, logins, security credentials that provide name, date of birth, a child’s gender and chat logs, which might at a glance seem harmless, but could also contain nicknames, addresses or even embarrassing gossip.  

“Collectively that’s a lot of potentially damaging data,” says Vishwanath.

But there’s another dimension to the hack, part of what Vishwanath calls a new paradigm that became reality following breaches like those at Ashley Madison and SONY Pictures Entertainment.

“Hackers no longer just steal personal information,” he says. “They are releasing that stolen personal information in the public domain.”

And Vishwanath says there’s no undoing that action.  Once released, that information stays in searchable databases forever.

“That’s the scary part,” he says. “We often think about stolen information making credit cards and bank accounts vulnerable, but individuals can be targeted through other means, such as social media attacks or even selling the information that makes it easier to specifically craft attacks based on people’s lifestyles.”

The disturbing nature of the trend was seen last month when hackers released 15 gigabytes of data stolen from the crowdfunding site Patreon, including their users’ names, passwords and donation records.

“Reports of organizations paying ransoms to stop similar releases, of people losing their jobs and of some even killing themselves out of embarrassment, highlight the stakes involved,” says Vishwanath.

To find UB faculty experts on other topics – including issues trending in the news – visit UB’s Faculty Experts website.

Media Contact Information

Bert Gambini
News Content Manager
Humanities, Economics, Social Sciences, Social Work, Libraries
Tel: 716-645-5334
gambini@buffalo.edu