On Monday, VTech claimed that about 200,000 children accounts were part of the breach, but in an updated statement on Tuesday, the company admitted that millions were affected.
Advertisement
The attorney-generals of CT and IL in the United States have said they would probe the breaches, though their representatives declined to comment on the focus of their inquiries.
Reporters at Motherboard have obtained images which it reports are head shots of the toy manufacturer’s customers, found on the servers of VTech. Hackers gained access to VTech’s Learning Lodge, an online portal where users register for accounts and download apps and e-books. Information about children, such as names, genders, and birth dates, have also been taken.
VTech said that no credit card information was compromised, and that the database doesn’t contain social security numbers or drivers licenses. It says the compromised data included “user profile information including name, email address, password, secret question and answer for password retrieval, IP address, mailing address and download history”.
The good news is that according to VTech’s press release, their database doesn’t contain credit card information. The hacking resulted in the exposure of almost five million customers personal information.
Hong Kong Privacy Commissioner for Personal Data Stephen Wong said his office had initiated a “compliance check” to see if VTech had followed data privacy principles. However, if the hacker was in fact able to use as simple a method as an SQL injection, the concern is that this vulnerability may have been exposed before and kept quiet by those with more malicious intent.
“This is a first-where we are actually seeing someone going after children”, and Vishwanath said the eleven million hacked accounts may be just the beginning, “This number could be a lot bigger”.
It appears that VTech did hash the data, a technique that scrambles the information and makes it harder to process, but even hashing isn’t infallible.
Is Vtech contacting affected customers?
The hacker, whose identity was not revealed, shared more than 3,000 image files with Motherboard as proof of legitimacy.
Advertisement
A downloadable software program for children called “Learning Lodge”, marketed by VTech, is the latest target of a massive online hacker attack.
