I came across this article which I must definitely share with you guys. For your convenience, I have copied the excerpts from the article here:

The personal information of almost 5 million parents and more than 200,000 kids was exposed earlier this month after a hacker broke into the servers of a Chinese company that sells kids toys and gadgets, Motherboard has learned.

The hacked data includes names, email addresses, passwords, and home addresses of 4,833,678 parents who have bought products sold by VTech, which has almost $2 billion in revenue. The dump also includes the first names, genders and birthdays of more than 200,000 kids.

VTech Data Hack

What’s worse, it’s possible to link the children to their parents, exposing the kids’ full identities and where they live, according to an expert who reviewed the breach for Motherboard.

This is the fourth largest consumer data breach to date, according to the website Have I Been Pwned, the most well known repository of data breaches online, which allows users to check if their emails and passwords have been compromised in any publicly known hack. The hacker who claimed responsibility for the breach provided files containing the sensitive data to Motherboard last week. VTech then confirmed the breach in an email on Thursday, days after Motherboard reached out to the company for comment. “On November 14 [Hong Kong Time] an unauthorized party accessed VTech customer data on our Learning Lodge app store customer database,” Grace Pang, a VTech spokesperson, told Motherboard in an email.

“We were not aware of this unauthorized access until you alerted us.”

On Friday, I asked the hacker what the plan was for the data, and they simply answered, “nothing.” The hacker claims to have shared the data only with Motherboard, though it could have easily been sold online.

VTech announced the breach publicly on Friday, but failed to disclose its severity. The press release doesn’t mention how many records were lost, nor that the passwords stolen are poorly encrypted, or that the breach exposes the identities of children.

You might not have heard of VTech, but the company sells a plethora of kids’ toys and gadgets, including tablets, phones, and a baby monitor. The company also maintains an online store, called Learning Lodge, where parents can download apps, ebooks, and games for VTech products. When pressed, VTech did not provide any details on the attack. But the hacker, who requested anonymity, told Motherboard that they gained access to the company’s database using a technique known as SQL injection. Also known as SQLi, this is an ancient, yet extremely effective, method of attack where hackers insert malicious commands into a website’s forms, tricking it into returning other data.

The hacker was then able to break into VTech’s web and database servers, where they had “root access”—in other words, access with full authorization or control. The hacker said that while they don’t intend to publish the data publicly, it’s possible others exfiltrated it first.

“It was pretty easy to dump, so someone with darker motives could easily get it,” the hacker said in an encrypted chat.

Motherboard reviewed the data with the help of security expert Troy Hunt, who maintains Have I Been Pwned. Hunt analyzed the data and found 4,833,678 unique email addresses with their corresponding passwords. The passwords were not stored in plaintext, but “hashed” or protected with an algorithm known as MD5, which is considered trivial to break. (If you want to check whether you're among the victims, you can do it on Hunt's website Have I Been Pwned.)

Moreover, secret questions used for password or account recovery were also stored in plaintext, meaning attackers could potentially use this information to try and reset the passwords to other accounts belonging to users in the breach—for example, Gmail or even an online banking account. “That’s very negligent,” Hunt said. “They’ve obviously done a really bad job at storing passwords.”

For Hunt, however, the most worrisome element of the breach is the fact that it contains data about kids, and that it’s possible to link the kids’ database back to the parents, making it possible to figure out a kid’s full name and home address. “When it includes their parents as well—along with their home address—and you can link the two and emphatically say ‘Here is 9 year old Mary, I know where she lives and I have other personally identifiable information about her parents (including their password and security question),’ I start to run out of superlatives to even describe how bad that is,” Hunt wrote in a blog post he published on Friday.

According to Hunt, it appears that parents still can’t trust VTech. Apart from the breach, he also found a number of awful security practices during a “cursory review” of how the company handles data on its sites. Hunt said that VTech doesn’t use SSL web encryption anywhere, and transmits data such as passwords completely unprotected. (SSL is a technology used to protect data sent between a user and a website, and it’s typically visualized with a green lock on the URL bar.) Hunt also found that the company’s websites “leak extensive data” from their databases and APIs—so much that an attacker could get a lot of data about the parents or kids just by taking advantage of these flaws.

 “The bottom line is that you don’t even need a data breach,” Hunt said. Still, he said this should serve as a lesson for VTech. “Taking security seriously is something you need to do before a data breach, not something you say afterwards to placate people,” he wrote in his blog post.

In this case, it appears the hacker decided not to profit by selling the data online. But next time, VTech might not be so lucky.

 

** Note: I have disabled the commenting feature on my blog engine thanks to all the spammers who happily spam my blog every day. If you wish to ask me any questions, you can find me at my Facebook page (I'm there almost everyday) or just drop me an email if you wish to maintain some anonymity.

Angpow Story - Snakes & Ladders

~ Posted on Thursday, October 29, 2015 at 6:42 AM ~

I have been sharing some of my favorite angpow pieces on an angpow collectors group in Facebook and some members have been telling me to continue sharing my memorable stories and so I thought, why not write it down, that way, our kiddos can read about it when they grow up next time, eh?

For those of you who are not familiar or never heard of the words 'Angpow' (also known as 'ang pau', 'ang pao', 'angpau'), here is a quick definition:

Angpow = Red Packet (filled with cash inside) given during festivals

So for today's angpow story, it comes from this piece of lovely angpow:

Angpow Story


Today's storytime revolves around this angpow with the design of snakes and ladder. You cannot play with this angpow as there is no proper number to follow at all, just plain snakes and ladder design on it only.

This angpow reminded me of my simple childhood, back when there is no iPad, no PS whatever, heck, my childhood days were filled with pretend play, masak-masak (cooking), dress up paper dolls, playground, board games, card games (UNO, Snap, Happy Family), hopskotch, cycling around the village, catching fishes and grasshoppers and many many more.

Anyway, last year we introduced board games and card games to our eldest kiddo. It took a while for him to be interested in it but as of now, every now and then he will ask to play snakes and ladder.

I think this game helps a lot with our kiddo as initially when our boy played this game, he lost and threw tantrums as he wanted to win. It took a few more round of games for him to finally get the meaning of playing board games.

The lesson where, sometime we get ahead, sometime we lost and get eaten by snake.

That sometimes it may seem we are falling behind like a tortoise but we might end up getting ahead and winning.

The point is, winning or losing is not everything. It is not the end of the world. It is just a game where everybody just play to have fun, to enjoy it while it lasts.

Most important is the spirit in playing the game or anything for that matter, to be happy for other people's win and not to drown in sorrow if you lose. Just try again and enjoy the ride.

 

** Note: I have disabled the commenting feature on my blog engine thanks to all the spammers who happily spam my blog every day. If you wish to ask me any questions, you can find me at my Facebook page (I'm there almost everyday) or just drop me an email if you wish to maintain some anonymity.

Angpow Story - Dragonfly

~ Posted on Wednesday, October 21, 2015 at 5:41 AM ~

I have been sharing some of my favorite angpow pieces on an angpow collectors group in Facebook and some members have been telling me to continue sharing my memorable stories and so I thought, why not write it down, that way, our kiddos can read about it when they grow up next time, eh?

For those of you who are not familiar or never heard of the words 'Angpow' (also known as 'ang pau', 'ang pao', 'angpau'), here is a quick definition:

Angpow = Red Packet (filled with cash inside) given during festivals

So for today's angpow story, it comes from this piece of lovely angpow:

Angpow Story

Today's storytime revolves around this angpow from Unicef. At first glance, this is a simple looking angpow, illustrations possibly drawn to replicate child-like drawing. What attracted me to this angpow is not the 2 kiddos on the angpow. It's not the kite being held by the boy. It's not the house way behind the 2 kiddos at the background.

It is the dragonflies on the angpow.

Long ago, when I was in my pre-teen phase, there was a phase when us kids are crazy with doing this knot craft using polypropylene cord. With some tutorial from my classmate then, I made a dragonfly using these cords. And I gave one to my late mother during her birthday. Together with a piece of RM1 cash and a piece of paper handwritten by my young self wishing her a happy birthday.

I forgot all about the dragonfly...

Until 8 years ago when I went through my flat before shifting to our current house now. My hubby then boyfriend helped me to dismantle my bunk bed while his mum helped me moved the plates and kitchen utensils into boxes to move it together. I was going through my late mum's kitchen cabinet and throwing away old newspapers and stuff and I found the dragonfly craft. My late mum kept it in good condition, together with the RM1 and the paper I wrote.

I kept that dragonfly craft but not sure where it is (small) but it is somewhere in my box of stuff I shifted along. I never knew a simple and silly craft I made when I was 11-12 years old would leave an impact still. Of course, I'm touched that my late mum treasured my silly gift.

 

** Note: I have disabled the commenting feature on my blog engine thanks to all the spammers who happily spam my blog every day. If you wish to ask me any questions, you can find me at my Facebook page (I'm there almost everyday) or just drop me an email if you wish to maintain some anonymity.