Previous Story
Including personal info of children
Posted On Dec 02 2015
Comment: Off
VTech is a maker of tech-toys including tablets and other electronic devices for educational purposes.
“It is important to note that our customer database does not contain any credit card information and VTech does not process nor store any customer credit card data on the Learning Lodge website”, the company said.
Hackers accessed information like passwords, IP addresses, physical addresses as well as the gender and ages of children, photos of children, and some chat data.
The Hong Kong-based firm said the attack on databases for its Learning Lodge app store and Kid Connect messaging system affected even more kids than the 4.9 million adults that the company disclosed on Friday.
The company confirms that a hacker broke into its database and took account information of over 4 million users, including profile photos of children. The company was quick to point out that the database did not include any personal identification data such as ID card numbers, Social Security numbers or driver’s licence numbers. This is believed to be the largest hack involving data belonging to children. However, what makes this breach all the more troubling is the involvement of children.
If not for Motherboard’s investigation into the anonymous hacker’s claims, VTech might never have picked up on its servers’ vulnerabilities. While devices like kid-friendly smartwatches and tablets may block a child’s access to the bulk of the Internet, they’re still a potential target for hackers.
After working closely with Motherboard, Australian security specialist Troy Hunt wrote a blog post on Saturday, explaining that Vtech had very poor security protocols in place. “It was pretty easy to dump, so someone with darker motives could easily get it”, the hacker told Motherboard in an encrypted chat. A VTech spokeswoman told Motherboard the company was unaware of the breach until the Motherboard journalist reached out to them for a comment.
VTech Holdings Ltd. says it has contacted all of the affected users by email and has temporarily suspended its Learning Lodge website and some others as a precaution.
