
No, VTech cannot simply absolve itself of security responsibility - pavel_lishin
http://www.troyhunt.com/2016/02/no-vtech-cannot-simply-absolve-itself.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TroyHunt+%28Troy+Hunt%29
======
sarciszewski
TL;DR - VTech is terrible.

Slightly less TL;DR - VTech got hacked, hard, and instead of investing in
securing their products and services, they opted to update their Terms and
Conditions to make them not liable for any data loss you experience from using
them.

Sorry if this is too editorialized and negative for HN, but I struggle (and
fail) to maintain neutrality when people are willingly putting children's
online privacy at risk.

If anyone is worried their company in a similar position as VTech, security-
wise, please don't repeat their mistake. You'll find it's cheaper to secure
your products than to settle lawsuits stemming from negligence. Plus, there
are fringe benefits.

[https://paragonie.com/files/white-
papers/DataBreach2015.png](https://paragonie.com/files/white-
papers/DataBreach2015.png)

[http://www.ibmcostofdatabreach.com/](http://www.ibmcostofdatabreach.com/)

(If anyone reading this IS in a similar situation, consider this an open
invitation to email me for help getting started on the road to better
security, should you need a bit of guidance. I'm the security@ for PIE)

I only hope VTech can correct their course before it sinks their ship.

