‘In total about 5 million customer accounts and related kids profiles worldwide are affected’.
Advertisement
A Chinese educational toy company with revenues of over US$2 billion has suffered a data breach where the personal information of five million customers, both parents and children, were stolen. At that time, VTech said they did not know about the breach until Motherboard brought it to their attention. Through the Learning Lodge website installed on InnoTab tablets, parents could download apps, music, books and games for children after registering an account for each member of the family.
VTech joins a growing list of companies who have been subject to major data breaches including retailer Target in the U.S., website Ashley Madison, and Sony.
The information stolen in the VTech hack, such as the names of children, could also be used to make phishing email more convincing, according to Ashbel.
However, according to VTech, credit card information belonging to its customers is not stored on Learning Lodge. There were over 200,000 records for children, including their “first names, genders and birthdays”.
A “white hat” hacker contacted a tech journalist last week to report they had hacked into the database and managed to get names, passwords, secret password retrieval questions and answers, home addresses of adults and profile pictures of children users.
When Motherboard reached out to VTech for comment, the company’s spokesperson responded, “We were not aware of this unauthorized access until you alerted us”.
The company stressed it was “important to note that our customer database does not contain any credit card or banking information” nor social security numbers. The hacker told Motherboard that he or she gained access to VTech’s database via SQL injection.
The office of Connecticut’s attorney general said on Monday that it planned to investigate the breach, the Associated Press reported.
The hacker claiming responsibility for the breach told Motherboard he or she had no plans to do anything with the data.
Advertisement
VTech’s customer data housed on its Learning Lodge app store database was hacked two weeks ago.
