Children's toy maker VTech hacked, data on millions of families compromised

By Shawn Knight
Nov 28, 2015
Post New Reply
  1. Children’s toy maker VTech recently revealed that personal data belonging to nearly five million customers was compromised in a security breach that took place on November 14.

    VTech said an unauthorized party accessed its Learning Lodge app store database containing general user profile information including name, e-mail address, encrypted password, secret question and answer for password retrieval, mailing address, IP address and download history. The company emphasized that no payment card information was accessed.

    In an exclusive interview with Motherboard, the alleged hacker said they gained access to the database via SQL injection. From there, the attacker claimed to have gained root access to the company’s web and database servers. The hacker has no intentions of releasing or selling the data, we're told.

    VTech admits it wasn’t even aware of the attack until “a Canadian journalist” asked about the incident.

    The toy maker said the compromised database includes customer data from the following countries: USA, Canada, United Kingdom, Republic of Ireland, France, Germany, Spain, Belgium, the Netherlands, Denmark, Luxembourg, Latin America, Hong Kong, China, Australia and New Zealand.

    Motherboard notes that data belonging to 4,833,678 parents was compromised. The dump also includes the first names, genders and birthdays of more than 200,000 children. An expert who viewed the data said it’s possible to link the children to their parents, thus exposing the kids’ full identities.

    VTech said it has since fixed the security hole.

    Those wanting to check and see if they’re among the victims can do so at Have I Been Pwned, a site maintained by security expert Troy Hunt.

    Image courtesy VTechToys, YouTube

    Permalink to story.

  2. Skidmarksdeluxe

    Skidmarksdeluxe TS Evangelist Posts: 8,647   +3,274

    VTech forgot to quote, "We take the security of our customers data very, very seriously" because that seems to be the standard response. Well maybe they did but nobody listens to that sob story anymore.
    Last edited: Nov 30, 2015
    Hexic and EClyde like this.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...