Toymaker data breach exposed over 6M kids

Toymaker data breach exposed over 6M kids
© Getty Images

The digital toymaker VTech on Tuesday said that the data of over 6.3 million children was exposed in a hack that also compromised almost 5 million parent accounts.


The company initially revealed the breach on Friday, but declined to disclose how many children’s profiles were affected. Motherboard, which uncovered the breach, reported that the dump included the data of at least 200,000 children.

“Regretfully our database was not as secure as it should have been,” VTech said in a statement updated Tuesday. “Upon discovering the breach, we immediately conducted a comprehensive check of the affected site and have taken thorough actions against future attacks.”

The information exposed for children includes names, gender and birthdates. Security experts who have reviewed the data say that it is possible to link children’s information with their parents’ data, thereby revealing the kids’ full addresses and other information.

Stolen data for the parents includes mailing and email addresses, security questions used for password resets, IP addresses, passwords and download histories.

The hacker claiming responsibility for the breach appears to have only shared the information with Motherboard and says he is going to do “nothing” with the data, the publication reports.

Chat logs between parents and children were also inappropriately accessed, as well as photos of children, according to Motherboard.

”Frankly, it makes me sick that I was able to get all this stuff,” the hacker told Motherboard via encrypted chat. ”VTech should have the book thrown at them.”

VTech declined to confirm or deny the reports, citing an ongoing investigation. It says that the messages and images are encrypted.

The hack impacted worldwide users of VTech’s app store, Learning Lodge, which has been temporarily shut down while an investigation is ongoing.