Previous Story
Info on 5 million VTech customers and kids exposed in breach
Posted On Dec 02 2015
Comment: Off
Hong Kong-based electronics toymaker VTech Holdings Ltd. (VTKHY.PK) said that information about at least 6.4 million children had been exposed in a recent data breach.
The majority of the people hacked – more than 2.2 million parents and almost 2.9 million kids – are in the U.S. The hacks were spread across more than a dozen countries, including France, the United Kingdom and Germany.
In a press release, the company stated that the customer database includes name, email address, password, secret question and answer for password retrieval, IP address, mailing address and download history.
VTech’s statement said that the children’s profiles that were accessed included the user’s name, gender and birth date.
The alarming breach, apparently perpetrated by a white hat hacker on a mission to reveal cracks in VTech’s security protocols, was first uncovered by Motherboard. Learning Lodge allows its customers to download apps, learning games, e-books and other educational content to their VTech products.
“I wouldn’t trust him”, said Troy Hunt, a security expert who reviewed samples of stolen data and information about the attack for Motherboard.
But VTech said it couldn’t confirm whether the hackers did capture photos and chats between children and their parents, which was originally reported by Motherboard. The hacker was also able to obtain chat logs, images of children and their parents through the company’s Kid Connect service, besides obtaining details of the children.
The hacking serves as a reminder to parents to be careful about what kinds of information about their children they enter into on Internet-connected devices.
While customers’ credit card data was not compromised, the identifying information of some 200,000 children was also exposed. It is expected VTech will be subjected to government scrutiny in relation to its security practices due to the scope of the breach. Through a spokeswoman, VTech declined comment beyond the company statement.
On Monday, VTech suspended 13 of its websites and said the affected customers were notified.
