The app is a portal for buyers to get games, e books and other content to their Vtech devices.
Advertisement
According to a statement posted on Friday from VTech Holdings Limited, a hacker was able to access customer data found on its Learning Lodge app store database.
About the customer data which has been breached by the hackers, VTech said that the customer information contained in the database for the company’s app store includes customers’ names, email addresses, passwords, mailing addresses, IP addresses, and download history.
The company said that no credit card information was obtained in this hack.
In short, this security breach has revealed that sensitive and private information on almost five million families was poorly protected from crooks and identity thieves – families in the US, Canada, United Kingdom, Republic of Ireland, France, Germany, Spain, Belgium, the Netherlands, Denmark, Luxembourg, Latin America, Hong Kong, China, Australia and New Zealand, we’re told.
In an email sent directly to affected customers, Vtech’s president King F. Pang notified Learning Lodge users of the hack, and that certain bits of user information was compromised, including IP addresses, passwords, and mailing addresses. In addition, information on the birthdays, first names, and genders of over 200,000 children was exposed.
Vtech has provided email support for any of their affected customers.
What’s more, reports the Register, is the toy maker uses an incredibly weak form of password encryption known as MD5, which allows for the easy cracking of simplistic passwords, such as “Welcome123”.
Because the company makes children’s electronics, it requires parents to make an account for their children so that they can do things like download books or games.
Advertisement
“If preliminary reviews are proper then they should really be using their site connection to their sources offline quickly until they correct the problem and can learn how this is completed”. As for the passwords, they were stored in a format only slightly more preferable than plain text. The company said that it started an investigation after a journalist asked about a breach on Monday, November 23, nine days after the hack apparently happened.
