What should I do if I think my kid's device has been hacked?
As soon as kids create an online account for their new device, their data is only as secure as the service that's protecting it. All companies are vulnerable to attack, but some companies' security is better than others. For example, after the toy manufacturer VTech was breached, the company was criticized for disregarding state-of-the-art security measures. This stuff isn't usually obvious to typical users (much less to kids!). But if you suspect your kid's device or any online account has been hacked, here are some steps to take:
- Double-check. If you suspect you've been hacked, go to Have I Been PWNed? Using this site, you can see whether your usernames or passwords have been compromised in recent data breaches.
- Disable the account. This might be obvious, but you should delete the breached account on any other devices that access it. You may have an app for your kid's Internet-enabled toy on your smartphone or tablet, for example. Get rid of all the software associated with it by uninstalling it completely.
- Check linked accounts. The breached account may be linked to other programs -- for example, anything that lets your kid play or chat with other users. Check the settings and delete those connections.
- Change your passwords on all sites that require logins. This is time-consuming, but you never know what the hackers have access to. Use a password manager (such as LastPass or 1Password) to store your passwords, or write them down and keep them in a locked drawer.
- Establish a fraud alert on your credit report. The Privacy Rights Clearinghouse explains how to do this and offers more steps to take if and when your personal data gets compromised.
- Consider creating a credit freeze for your child. Identity theft of kids is on the rise, because their histories are "clean." Learn more about how to do a credit freeze.
Of course, prevention is always better than cleaning up after a hack. Here are a few things to look for when you and your kid create any personal profiles using a device, computer, or Internet-enabled toy:
- Look for an "s" in the Internet address. Does the URL begin with "https"? The "s" on the end means there's an extra layer of security on the website. Make sure that "s" is there both before and after your kid logs in.
- Do a password check. Pretend your kid has forgotten his or her password. Does the site display the password or email it to him or her? If so, the password is not securely protected. Sites that send a link prompting you to create a brand-new password are safer.
- Check sharing settings. If kids are creating websites, sending messages, or creating other shareable content online, make sure the privacy settings are as strict as possible. You can test this by pasting your kid's website URL into a new browser to test what it looks like to the public.
- Skip anything that's not required. Plenty of companies will ask for more information than they really need. If you can register without it, don't offer it up. And be especially careful with social security numbers.
- Create strong -- really crazy -- passwords, and never share them. Guessable passwords that spell out real words make your account vulnerable. Use these tips for creating good ones.
- Tell your kids to be careful with their information. Instruct them to get your help when filling out online forms. If they create profiles on school computers, make sure they know what to keep private: phone numbers, addresses, social security numbers, jersey numbers, and so on.
- Be careful with downloads and other links. Spyware, malware, and other nasties can be embedded in unassuming downloads. Keep your virus protection up to date, and make sure kids get permission before downloading.