VTech said in a statement today that it believes the unauthorized party had accessed users’ profile information, including names, email addresses, home address, IP address, download history and secret questions and answers for password retrieval.
Advertisement
The hack impacted worldwide users of VTech’s app store, Learning Lodge, which has been temporarily shut down while an investigation is ongoing.
Vtech makes electronic toys that help to educate kids, but those gadgets for tots can be hacked just like any other computer, apprently. Breach after breach has proven this beyond any doubt, he said.
Reporters at Motherboard have obtained images which it reports are head shots of the toy manufacturer’s customers, found on the servers of VTech.
According to a report from Vice, the toymaker also left thousands of photos of parents and kids and chat logs stored online in a way that was “easily accessible to hackers”. Customers use Learning Lodge to download apps, learning games and e-books to VTech products such as learning tablets.
The hack that exposed the personal information of children and their parents is worse than expected.
The database also reportedly held information about children’s birthdates, names and genders. From there, the attacker is said to have gained root access to the company’s web and database servers.
The hacked database included a lot of customer data, including some details about children, and the company was told about the breach by a journalist.
While the hacker indicates no plans to do anything with the data, he or she did tell Motherboard somebody else may have gotten to it first.
“We are committed to protecting our customer information and their privacy, to ensure against any such incidents in the future”, said the company in its statement.
The attacker who breached the company’s servers reached out to tech news blog Motherboard with proof of the forced entry, showing files that contained personal data extracted from VTech servers.
Advertisement
However, VTech insists no customer bank details were stolen. Hunt added that the security flaws could have been identified by VTech “if only they’d looked”.
