Vtech is best known as a maker of electronic learning devices for children, and late last week it confirmed that data belonging to customers of its Learning Lodge portal was breached in a recent hack.
Advertisement
The breached database contains user profile information including names, passwords, mailing addresses and “secret questions” for password retrieval, according to the company. The data includes kids’ birthdays and home addresses, as well as their parents’ passwords and password hints.
Following the hacking of its Learning Lodge app database, Hong Kong-based Vtech began suspending 13 websites and simulatenously alerting the public on 27 November.
Motherboard reported on Monday that the hackers also stole photos and chat logs from VTech’s Kid Connect service, which allows adults to use their smartphones to chat with kids using VTech tablet.
The incident points to increased worry about children’s privacy as they, like their parents, put more of their personal information online to use modern toys or social networks.
The news site Motherboard said a hacker claimed responsibility for the attack but said he planned to do “nothing” with the data. Kid-friendly smartwatches and tablets may block a child’s access to most of the Internet, but they are still potential targets for hackers. “The investigation continues as we look at additional ways to strengthen the security of all on-line services provided by VTech”.
The fact that credit card information wasn’t stolen doesn’t comfort Jeff Hill, channel marketing manager at security firm STEALTHbits. “When it’s hundreds of thousands of children’s names, genders and birthdates, that’s off the charts”.
“Frankly, it makes me sick that I was able to get all this stuff”, the hacker told Motherboard via encrypted chat. However, the attack did expose VTech’s inadequacy to protect its IT infrastructure and customer data.
The VTech hack is now the fourth-largest consumer data breach, according Have I Been Pwned, which is a well-known repository of data breaches. Discovered ten days later, it involved customer data stored on VTech’s Learning Lodge app store database.
Advertisement
The hack occurred on November 14, according to the Times.
