If you’ve purchased a Vtech product and registered or updated it through the Vtech website, your email address, password, and security questions and answers are now in the hands of hackers.

Vtech didn’t make much effort to secure their system, so the passwords were only hashed, not salted (meaning you can retrieve them pretty easily,) the email addresses and answers to security questions were stored in plain text.

So for those of you who use the same password on multiple sites, you’re pretty much the people at biggest risk here, however in terms of severity of the breach, if you used any of the challenge questions that your bank uses, you’re at risk from now on out as that info is out there and can be tied to the next hack, or the next.

I won’t harp on Vtech too much as my disappointment in them really was hard to go much lower than it was (I really, really, really hate their tablets,) nor harp on the risks of using the same password on any two websites.

If you’ve got the opportunity though, you might want to check if your bank, email provider, etc offer two factor authentication. Two factor authentication means that not only does someone have to have your email and password to get into an account, they also have to have the next step which can be a text message, answering a phone, or running an app with an absurdly long unique seed string that generates a new password every minute for you.

[BBC]