In a mid-November attack on VTech server databases, a hacker was able to obtain the personal information of more than 200,000 children and nearly 5 million parents who were users of VTech’s Learning Lodge app store. VTech is a Chinese company that sells educational toys such as tablets, phones, smartwatches and baby monitors for kids as well as ebooks, games and apps for its electronic products.
The hacker was able to access customer names, email addresses, account security information (such as encrypted passwords and secret questions and answers), IP addresses, home addresses and download histories. The intruder also gained access to the first names, genders and dates of birth of the hundreds of thousands of children.
Potentially most upsetting to parents is that child and parent data can be cross-referenced to find out which user is the parent of which child. In short, the children’s full identities have been exposed, including their residential information.
The attacker who breached the company’s servers reached out to tech news blog Motherboard with proof of the forced entry, showing files that contained personal data extracted from VTech servers. Using an old but effective method known as SQL injection, the attacker was able to get full administrative access into VTech databases. The hacker told Motherboard that the extracted data will remain unpublished and out of the public eye.
VTech confirmed the data breach shortly after Motherboard alerted the company about the attack. The company also said it has thoroughly investigated the incident and has placed safeguards against future attacks. Reiterating its commitment to protecting the privacy of its customers, VTech also assured users that its database does not store personally identifiable customer data such as ID card numbers, social security numbers or driver’s license numbers and credit card information. The Learning Lodge app store does not save credit card data or process credit card transactions; instead it employs a secure, third-party payment gateway.
You can protect the integrity of your personal data online by following simple steps to protect your online privacy. Stay abreast of the latest privacy scams and concerns with Techlicious' ongoing coverage of safeguarding your privacy and security online.
[Image credit: boys playing on tablet via Shutterstock]
