Toy Maker VTech Hack Exposes Families' Information

Chinese children's electronic toy maker VTech revealed Friday that it's app store was accessed by an "unauthorized party" on Nov. 14, potentially exposing its customers' information.

The party in question had accessed VTech's Learning Lodge app, which allows customers to download apps, games, e-books and educational content to VTech toys, the toy maker said.

It's not clear how many people were affected by the hack, but Motherboard, which first reported the incident, noted nearly 5 million parents and more than 200,000 kids were exposed.

The company has assured its customers that no financially-based information, like credit card information or social security numbers, was exposed. However, the hacked data does include costumers' names, email addresses, passwords, IP addresses, mailing addresses and download history.

Furthermore, the names, genders and birthdays of the children were exposed.

VTech responded to the breach in a press release, claiming to have already fixed the vulnerabilities that led to the hack and provided email support for any affected customers. "The investigation continues as we look at additional ways to strengthen our Learning Lodge database security," the company concluded. "We are committed to protecting our customers' information and their privacy, to ensure against any such incidents in the future."

Despite already claiming to have solved the problem, many experts have taken exception to the incident as a whole, placing all the blame on VTech, according to BBC News.

"If that is the case then it really is unforgivable - it is such an old attack that any standard security testing should look for it," said Alan Woodward, cyber security expert at Surrey University, surmising that VTech was subjected to a hacking technique known as SQL injection.

"When it's hundreds of thousands of children including their names, genders and birthdates, that's off the charts," security expert Troy Hunt wrote. "When it includes their parents as well - along with their home address - and you can link the two and emphatically say 'Here is 9 year old Mary, I know where she lives and I have other personally identifiable information about her parents (including their password and security question)', I start to run out of superlatives to even describe how bad that is."

Tags
App store, Hack, Data Breach, Information, Addresses, IP address
Real Time Analytics