VTech Holdings, a digital toy maker, reported a cyberattack that breached information of approximately 4.8 million adults and more than 200,000 children, according to Motherboard.
Advertisement
VTech says hackers may have stolen millions of their customers personal information.
It did not contain any credit card information, Vtech said, but it did store the “name, email address, encrypted password, secret question and answer for password retrieval, IP address, mailing address and download history” of customers.
After working closely with Motherboard, Australian security specialist Troy Hunt wrote a blog post on Saturday, explaining that Vtech had very poor security protocols in place. The company also states that it’s now reaching out to individual customers listed in the database via email, telling them of the hacking and the possibility of their exposed information.
The Hong Kong-based company disclosed the breach of a customer database late last week, but didn’t say until Monday how many people could be affected.
Even more troubling, according to documentation provided by the hacker to Motherboard, it appears that VTech also left at least 190GB of kids’ photos, and chats between parents and kids, stored and vulnerable on its servers.
The firm also reiterated Monday that its customer database does not contain any credit card information or personal identification data such as ID card numbers, Social Security numbers or driver’s license numbers. “Hardware manufacturers really don’t value software skills – I would imagine because they don’t see any immediate positive impact to their bottom line”, Salibra said. Hunt added that the security flaws could have been identified by VTech “if only they’d looked”.
“We are committed to protecting our customer information and their privacy, to ensure against any such incidents in the future”, Vtech said in a statement.
Advertisement
Earlier this morning, VTech gave a status update, describing that the initial breach occurred on November 14.
