Massive Hack on Toy Company is ‘Off the Charts’ Says Security Analyst

Digital toymaker VTech Holdings Ltd said on Tuesday that data on about 6.4 million children was exposed in a hack of information on customers in more than a dozen countries.

The news comes just as the holiday shopping season is kicking into gear and kid’s smartwatches and tablets made by companies such as VTech are expected to be high on children’s wish lists.

Kid’s technology maker VTech says the personal information of about 5 million of its customers and their children may have been stolen by hackers.

It did not contain any credit card information, Vtech said, but it did store the “name, email address, encrypted password, secret question and answer for password retrieval, IP address, mailing address and download history” of customers.

But VTech said it couldn’t confirm whether the hackers did capture photos and chats between children and their parents, which was originally reported by Motherboard. On Friday, VTech had stated that 4.9 million adults were affected by the breach, which targeted the maker’s Kid Connect messaging system and Learning Lodge app store. Through a spokeswoman, VTech declined comment beyond the company statement.

It reiterated no credit card or social security data had been stolen in the breach. A security researcher recently warned that the Wi-Fi-enabled “Hello Barbie” is vulnerable to hackers and could be used to spy on children.

And the hacker told Motherboard they had accessed archived chat logs but were not planning to release them.

“VTech should have the book thrown at them”. Information on parents was also compromised, with that including IP/email/mailing addresses, names, and more. “Clearly manufacturers should be taking greater care over data security and privacy, but parents should also be more careful with their children’s personal information”, he explained in an email to FoxNews.com.

Vtech has also suspended 13 websites following the hacking of its Learning Lodge app database.