Motherboard reports that Chinese toy manufacturer VTech – which had almost $2 billion in revenue in the last financial year – suffered a data breach earlier this month, when criminal hackers attacked one of its servers.
The personal data of 4,833,678 parents who use VTech’s Learning Lodge app – including their “names, email addresses, passwords, and home addresses” – was exposed, as were “the first names, genders and birthdays of more than 200,000 kids.”
Learning Lodge allows customers to download apps, games, eBooks and learning content for VTech products.
Motherboard says: “The hacker who claimed responsibility for the breach provided files containing the sensitive data to Motherboard last week. VTech then confirmed the breach in an email on Thursday, days after Motherboard reached out to the company for comment.”
In a statement, VTech said:
“It is important to note that our customer database does not contain any credit card information and VTech does not process nor store any customer credit card data on the Learning Lodge website. To complete the payment or check-out process of any downloads made on the Learning Lodge website, our customers are directed to a secure, third party payment gateway.
“In addition, our customer database does not contain any personal identification data (such as ID card numbers, Social Security numbers or driving license numbers).”
VTech’s updated FAQ page now confirms that Kid Connect, which “allows parents using a smartphone app to chat with their kids using a VTech tablet” was affected as well as the Learning Lodge app. In total, “6,368,509 kid profiles worldwide” were compromised by the breach, including 2,894,091 children in the US. “Kid profiles”, VTech notes, “only include name, gender and birthdate.” Further information can be found here: http://www.vtech.com/en/media/faq-about-data-breach-on-vtech-learning-lodge/.