As many as 5 million accounts and 200,000 child accounts were targeted, the company said.
Advertisement
VTech Holdings Ltd., the Hong Kong maker of digital learning toys and cordless phones, said Tuesday that information about at least 6.4 million children had been exposed in a recent data breach.
VTech says hackers may have stolen millions of their customers personal information. Customers use Learning Lodge to download apps, games, e-books and other content to VTech products.
The hack impacted worldwide users of VTech’s app store, Learning Lodge, which has been temporarily shut down while an investigation is ongoing. “When it includes their parents as well – along with their home address – and you can link the two and emphatically say ‘Here is 9 year old Mary, I know where she lives and I have other personally identifiable information about her parents (including their password and security question)’, I start to run out of superlatives to even describe how bad that is”.
The information exposed for children includes names, gender and birthdates.
The hacker told Motherboard he or she used SQL injection to gain access to the company’s database, “an ancient, yet extremely effective, method of attack”, according to Motherboard. “For instance, does an early learning device really need to be told your child’s real date of birth?” Through a spokeswoman, VTech declined comment beyond the company statement.
The largest number customers whose data was accessed were in the United States, followed by France, the United Kingdom, Germany, Canada, Spain, Belgium and the Netherlands.
Advertisement
The company added that no credit card information was involved, and it has taken measures “to defend against further attacks”. ToyTalk, which worked with Mattel to create “Hello Barbie”, downplayed the claim in a Tumblr post Thursday.
