Toy Maker VTech Hacked: Data of 4.8 Million Parents And 200000 Children Exposed
VTech, a company that makes electronic learning products, reported a data breach that they say occurred on their Learning Lodge (app store) database on November 14.
VTech, A Chinese company which manufactures educational toys for kids has reported that the database of its app store has been breached. An “unauthorized party” accessed customer information in a database for VTech’s Learning Lodge app store on November 14, the company said in a statement. The app store lets parents download apps, games, e-Books and educational content to VTech toys.
the database contains customer data including name, email address, password, IP address, mailing address and download history. It does not contain credit card information, the company said.
While the victim company has not disclosed the number of affected people, Motherboard, which first reported the hack has estimated that information on nearly 5 million parents and more than 200,000 kids was exposed. The hacked data included kids’ first name, gender and birthday.
Though hackers can have a variety of motives, similar attacks have resulted in customer data being sold on the Web’s black market, allowing criminals to steal goods with another person’s identity. Hackers can use stolen data for a range of phishing attacks designed to target people through their email addresses and get them to click on links that trigger malicious software which lets the hackers steal even more sensitive information.
Motherboard was notified of the breach by an unidentified hacker who claimed responsibility. The hacker said he intends to do “nothing” with the data, according to Motherboard. Hackers sometimes break into systems simply to demonstrate that the networks are vulnerable and need to be made more secure.
If the number of exposed accounts reported by Motherboard is accurate, the VTech hack would be among the largest breaches in recent years. In August, hackers published data from more than 30 million accounts that had been set up on adultery website Ashley Madison. The personal information of an estimated 110 million Target customers was stolen in 2013 by malware installed on the retailer’s point-of-sale terminals.
“Upon discovering the unauthorized access we immediately conducted a thorough investigation, which involved a comprehensive check of the affected site and implementation of measures to defend against any further attacks,” according to a statement posted by VTech on their website.
The hacked database stored information on customers from the US, Canada, the UK, Ireland, France, Germany, Spain, Belgium, the Netherlands, Denmark, Luxembourg, Latin America, Hong Kong, China, Australia and New Zealand, said VTech.