Children’s toy maker VTech recently revealed that personal data belonging to nearly five million customers was compromised in a security breach that took place on November 14.
VTech said an unauthorized party accessed its Learning Lodge app store database containing general user profile information including name, e-mail address, encrypted password, secret question and answer for password retrieval, mailing address, IP address and download history. The company emphasized that no payment card information was accessed.
In an exclusive interview with Motherboard, the alleged hacker said they gained access to the database via SQL injection. From there, the attacker claimed to have gained root access to the company’s web and database servers. The hacker has no intentions of releasing or selling the data, we're told.
VTech admits it wasn’t even aware of the attack until “a Canadian journalist” asked about the incident.
The toy maker said the compromised database includes customer data from the following countries: USA, Canada, United Kingdom, Republic of Ireland, France, Germany, Spain, Belgium, the Netherlands, Denmark, Luxembourg, Latin America, Hong Kong, China, Australia and New Zealand.
Motherboard notes that data belonging to 4,833,678 parents was compromised. The dump also includes the first names, genders and birthdays of more than 200,000 children. An expert who viewed the data said it’s possible to link the children to their parents, thus exposing the kids’ full identities.
VTech said it has since fixed the security hole.
Those wanting to check and see if they’re among the victims can do so at Have I Been Pwned, a site maintained by security expert Troy Hunt.
Image courtesy VTechToys, YouTube
https://www.techspot.com/news/62949-children-toy-maker-vtech-hacked-data-millions-families.html
