VTech says the personal records of 4.8 million children and their parents have been breached by hackers. The personal identifiers mentioned in the company’s report include names, e-mail addresses, passwords, secret questions and answers for password retrieval, IP addresses, mailing addresses and download histories.
Advertisement
According to a past statement from VTech, kids’ birthdays, names, genders and similar profile information was compromised.
An attack on children’s toy and electronics company Vtech allowed a computer hacker to access pictures of customers’ children, according to Vice Media’s Motherboard section.
Vtech didn’t actually learn about the hack until 23-24 November, when it received an email from a Canadian journalist asking about the incident.
In a press release issued on Monday, the Hong Kong based company announced it had taken down some vulnerable portals “as a precautionary measure”.
The alarming breach, apparently perpetrated by a white hat hacker on a mission to reveal cracks in VTech’s security protocols, was first uncovered by Motherboard.
VTech, the maker of tablets and gadgets aimed at children, confirmed 5 million accounts were impacted by a breach of an app store database uncovered by the company earlier this month.
The company stressed it was “important to note that our customer database does not contain any credit card or banking information” nor social security numbers. Customers use Learning Lodge to download apps, learning games and e-books to VTech products such as learning tablets. Motherboard points out that it would be possible to link the children to their parents, exposing their home addresses and last names.
Security experts said the attack, which was disclosed on the crucial Black Friday start of the holiday USA shopping season, was noteworthy because it had exposed data of children.
The hack impacted worldwide users of VTech’s app store, Learning Lodge, which has been temporarily shut down while an investigation is ongoing.
Advertisement
“Taking security seriously is something you need to do before a data breach, not something you say afterwards to placate people”, Hunt wrote in his blog. We will update this post with any response.
