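VTech is not backing down from change in terms after data breach

Hong Kong toy maker VTech is not backing down from a change in its Terms and Conditions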

Despite widespread public condemnation, Hong Kong toy maker VTech is not backing down from a change in its Terms and Conditions ducking its responsibilities in the event of a breach.

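European customers now have to agree to Terms of Service that include the following sentence: "You acknowledge and agree that any information you send or receive during your use of the site may not be secure and may be intercepted or later acquired by unauthorized parties."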

This is in response to a data breach last fall which affected about 5 million parent accounts and more than 6 million children's accounts. The children's profiles included names, genders, birthdates, headshots and chat logs, while the parent accounts included email addresses, passwords, secret questions and answers, IP addresses, and mailing addresses.

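"No company that operates online can provide a 100 percent guarantee that it won't be hacked," said Grace Pang, head of corporate marketing at VTech. "The Learning Lodge Terms and Conditions, like the Terms and Conditions for many online sites and services, simply recognize that fact by limiting the company's liability for the acts of third parties such as hackers. Such limitations are commonplace on the Web."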

Security experts strongly disagreed with the company's decision.

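"It won't hold water," said Troy Hunt, Microsoft MVP for developer security at Microsoft.

He was involved in confirming the facts of the original breach and the security problems involved.

According to Hunt, the company's systems were vulnerable to SQL injection, had no SSL encryption anywhere, used extensively outdated Web frameworks, and had multiple serious direct object reference risks. The bottom line? A single individual with the ability to add numbers and use automated tools to mount SQL injection attacks could get all of the data.

When a company like VTech is demonstrably negligent with customer data, they have to face the law, he said.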

“Terms like this are unlikely to have any tangible impact on the outcome," he said. "Particularly in the European Union, where privacy laws are strengthening and penalties increasing... it's unlikely to make any difference to legal outcomes and merely serves to shine them in a bad light."

This is why when companies do include similar statements in their terms of service, he added, they typically have some caveat such as "to the full extent permissible by law."

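"There are really no guarantees that a company can offer, we all recognize that," said Glen Segal, CFO at cloud productivity vendor Accellion. "But that doesn't mean you can disclaim all responsibility for privacy, which is what some companies are trying to do. It's not going to work from a legal perspective, and it's certainly not going to work from a business perspective, especially when you're dealing with children's information."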

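Companies should spend more time actually protecting themselves from attacks, instead of trying to protect themselves against liability, said John Gunn, spokesman for security vendor VASCO Data Security.

"In many jurisdictions, it is not legal for companies to arbitrarily change their terms and conditions without consent from existing customers, and we would imagine that in this case a sizable number would be prohibited," he added.

"Nice try!" said Jeff Hill, channel marketing manager at security vendor STEALTHbits Technologies. "At the very least, one has to respect their audacity."

However, companies can do more than just deflect liability with such disclaimers; they can hurt themselves, he said. "Are consumers comfortable buying a product from a company that, up front, explicitly disavows any responsibility for the impact of its product on the customer? Frankly, it's just plain lazy, and clearly no substitute for a competent data security program."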

Now, VTech, in addition to suffering a massive data breach involving children, and being publicly humiliated for its shoddy security, is also facing a public relations nightmare.

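"Consumers want to trust that the companies they interact with are protecting their digital identities under any circumstances," said Vanita Pandey, product director at ThreatMetrix. "These connected consumers don't care how their credentials got into the hands of fraudsters, only that they did."

Meanwhile, parents continue to post scathing comments on the company's social media sites, keeping up the pressure.

"For letting all your customers get hacked and information about parents and their children get out," one parent wrote on Facebook about a message VTech posted wishing customers a happy Valentine's Day. "You're just great, disgusting business, putting our kids in harm's way!"

This story, "VTech is not backing down from change in terms after data breach" was originally published by CSO.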


Copyright © 2016
