After a high-profile hack in November of 2015, children's toy manufacturer VTech has restored principal functions of a connected product it took offline after the breach.
For customers to download games, ebooks, and content to their toys, they must use Learning Lodge, which is VTech's online distribution portal, report Clare Hopping and Aaron Lee, writing for the UK's ITPRO.
Now customers can log in to their accounts and manage their devices after the hack destroyed significant online features and compromised the data of 6.4 million children.
Although account management features have been restored, other functions are still disconnected. Some of the older generation products, such as Sleep Musical Sheep and Secret Safe Diary Selfie, are not scheduled to be restored.
Allan Wong, chairman and group chief executive of VTech, said:
"After the cyber-attack, we have focused on further strengthening security around user registration information and other services within Learning Lodge. A full list of the products and their current support status can be viewed on the Learning Lodge website."
He added that customers should log in to Learning Lodge and change their passwords as soon as possible. He also apologized that some of the site's services remain unavailable, but said the company is working diligently to reopen them quickly.
An alleged hacker has been arrested in Berkshire in connection with the cyber attack and said he struck the business site to "highlight its security vulnerabilities."
"Frankly, it makes me sick that I was able to get all this stuff," the hacker told the website. "Vtech should have the book thrown at them."
Cyber security experts were also surprised that the hackers were so easily able to access the sensitive data. Ross Brewer, vice president and managing director for international markets at LogRhythm, said the breach was not like others he has seen in his company because of the victims involved. It was, for the children who were hacked, the same as if adults had their photos and conversations hacked from Facebook.
He added that it was unbelievable to him that VTech did not encrypt its servers. After attacks on Sony and TalkTalk, a UK telecom group, cyber security teams saw how simple it was for hackers to get through a company's weak point. Especially when children are concerned, businesses must go overboard to protect the data they have been given.
VTech said the attack occurred on November 14, but was not discovered until ten days had passed. They declared they were not sure what data, if any, had been taken, but acknowledged that email addresses, passwords, names, IP addresses, download history, secret words and answers for password retrieval, along with mailing addresses, were held in its database.
According to Canadian Global News' Nicole Bogart, genders, dates of birth, pictures of children, and chats between parents and kids were also in the company's database. In Canada, 237,000 adults and 316,000 children had their profiles compromised by the attack.
The website "Have I been Pwned," which examines the Internet's worst breaches of data, reported that the VTech hack is currently the largest consumer data violation in history. In comparison, the second most massive breach was the Ashley Madison hack.