The hacker claiming responsibility for the breach appears to have only shared the information with Motherboard and says he is going to do “nothing” with the data, the publication reports.
Advertisement
It also includes headshots of children, chat logs between parents and their children, first names, genders and birthdays of more than 200,000 kids. A popular toymaker was hacked last week, exposing the personal information of millions of customers.
Larry Salibra, chief executive of bug-testing platform provider Pay4Bugs, said that it looks like VTech failed to properly secure sensitive data by encrypting it to be hard to unscramble and useless if stolen.
In its apology, VTech said it has suspended the affected Learning Lodge service, and is notifying customers.
According to PC Magazine a hack of the company’s Learning Lodge database took place on November 14 which exposed email, passwords and home addresses of 4.8 million adults.
The breached database contains user profile information including names, passwords, mailing addresses and “secret questions” for password retrieval, according to the company. The company said that data on about 6.4 million children worldwide was exposed as hackers accessed personal info in more than a dozen countries via their products.
VTech did not respond to requests for comment on the state probes or the Motherboard reports, which Reuters could not independently verify.
Security experts who have reviewed the data say that it is possible to link children’s information with their parents’ data, thereby revealing the kids’ full addresses and other information. “Technology is much better in the toy aisle, and it’s really inspiring young kids to play but also bringing older kids to things like radio control and role play items”.
Advertisement
VTech has reached out to every account holder in the database, via email, to alert them of the breach and the potential exposure of their account data.
