TechSpot

VTech's new T&C's warns customers that it won't be held responsible should another hack occur

By midian182
Feb 11, 2016
Post New Reply
  1. Last November, it was reported that children’s toy maker VTech had its Learning Lodge app store database hacked. The breach saw data that included names, e-mail addresses, passwords, mailing addresses and IP addresses being compromised. The attacker also downloaded a large number of photos and chat logs, many involving children.

    Now, more than two months after the attack, VTech has relaunched its online app store with some upgraded security features. But cybersecurity experts are condemning the site’s updated terms and conditions that absolve the company of any responsibility should another hack take place.

    As noted by Australian security specialist Troy Hunt, VTech’s T&C’s read:

    You acknowledge and agree that you assume full responsibility for your use of the site and any software or firmware downloaded.

    You acknowledge and agree that any information you send or receive during your use of the site may not be secure and may be intercepted or later acquired by unauthorised parties.

    You acknowledge and agree that your use of the site and any software or firmware downloaded there from is at your own risk.

    Recognising such, you understand and agree that… neither VTech nor [its partners] or employees will be liable to you for any […] damages of any kind.

    It seems as if the document, which was updated on December 24, suggests that customers will have no grounds for complaining to VTech should another breach occur – they’ve already agreed that the site isn’t secure.

    "If [VTech] honestly feel they're not up to the task of protecting personal information, then perhaps put that on the box and allow consumers to consciously take their chances rather than implicitly opting into the 'zero accountability' clause,” wrote Hunt.

    Some security researchers have called for parents to boycott VTech’s products. "This is an unbelievably arrogant and derogatory response considering their track record with data security," said Ken Munro from Pen Test Partners. "If VTech think that those T&Cs are the answer to their problems I think they should be given a bigger problem to deal with. Boycott them and take your money somewhere else."

    VTech has responded by claiming that Terms and Conditions of this nature are quite common.

    "Since learning about the hack of its databases, VTech has worked hard to enhance the security of its websites and services and to safeguard customer information," said a spokeswoman. "But no company that operates online can provide a 100% guarantee that it won't be hacked."

    "The Learning Lodge terms and conditions, like the T&Cs for many online sites and services, simply recognise that fact by limiting the company's liability for the acts of third parties such as hackers," she added. "Such limitations are commonplace on the web."

    In December, a 21-year-old man from Berkshire, England, was arrested in connection with the hack. Despite the fallout from the breach, VTech is about to expand its business by acquiring rival toymaking company LeapFrog in a $72 million deal.

    Permalink to story.

     
  2. Skidmarksdeluxe

    Skidmarksdeluxe TS Evangelist Posts: 6,490   +2,040

    Of course, it makes sense. It's far simpler and cheaper to shift responsibility rather than be held accountable for laziness, sloppiness and gross negligence.
    This is one shifty company if I ever saw one.
     
    Last edited: Feb 11, 2016
    ikesmasher likes this.
  3. BlueDrake

    BlueDrake TS Evangelist Posts: 350   +103

    Basically I'd say don't trust "for kids" toy companies, with any sort of personal information if it's being stored online. Sorry companies if you're here to help them learn, if you want to be this ignorant then don't expect any dollars from me. I'd rather give something else to them for learning, even if it means you have to be around more often.

    You can't trust companies these days, to not shift the blame on consumers. Of course this is standard online, because you can then just say "Well we warned them, and they went ahead with using said products!" with nobody batting an eye. If they actually stood up and did something for the customers, people might actually view them in a better light. Instead of using an ingrained system that's very widespread, they could have made a stand to improve the standards.

    It takes a few large companies looking to improve something, beyond what's considered standard before others start to take notice. Just why be a cut above when, you can be pretty much on par with everyone else? :p
     
  4. cliffordcooley

    cliffordcooley TS Guardian Fighter Posts: 8,554   +2,894

    They just opened the doors to selling consumer information without repercussions. And it is not even in fine print, that's bold (pun intended) of them.
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...