Previous Story
Five million customers affected by Vtech database hack
Posted On Dec 01 2015
Comment: Off
Name, email address, mailing address, IP address, password, and download history are the customer data contained in the database. No password information was taken, and no credit card info was affected either.
Personal details of five million kids, plus their parents’ addresses, were exposed in the recent VTech hack, the company has confirmed.
It is possible to link those 200,000 kids to their parents, exposing their full identities and home addresses, according to Motherboard. The company said that after it discovered the attack, it immediately conducted a thorough investigation and implemented measures to defend against any further attacks.
VTech stresses its customer database doesn’t include any credit card information or social security numbers.
The firm sells a range of electronic products ranging from toy cars and interactive garages to cameras, games, e-books and tablets. He verified a sample of the stolen data leaked over the Internet, which includes sensitive user information such as names, genders, date of births along with addresses. “We are committed to protecting our customer information and their privacy, to ensure against any such incidents in the future”, said VTech in a statement. The company assures users in a statement that no payment information was accessed, as the site directs customers to a secure, third-party payment gateway during the check-out process.
Earlier in August, hackers published data from more than 30 million accounts that had been set up on adultery website Ashley Madison.
Vtech publicly announced the hack this morning, though it completely failed to mention just how severe the hack was, or how many people were affected by the attack. However, the data obtained by the hackers could potentially be combined with additional personal information on the victims and then used to create detailed profiles.
Speaking to the BBC, professor Alan Woodward, a cybersecurity and covert communications expert at Surrey University, said that the data breach was likely achieved through an SQL injection.
