December 2, 2015

Share Everywhere

VTech Hacker Steals Information from 6.4 Million Children

Parents: If you are thinking about purchasing a VTech electronic toy for your child this Christmas, you may want to cross it off the list. The company has finally publicly addressed the November 14 breach of the Learning Lodge database — and the details are any mom or dad’s worst nightmare. VTech Holdings Ltd. announced that the data of 6.4 million children and 4.9 million adults was stolen from the servers of the Hong Kong-based company. The Learning Lodge, the Kid Connect network, and multiple VTech websites have been temporarily suspended while the company conducts a security assessment.

VTech Data Breach: What the Hackers Stole

Most VTech customers affected by the data breach are in the United States, France, the United Kingdom, Germany, and Canada. VTech said the stolen information includes:

  • Parent account information: full names, e-mail addresses, secret questions/answers for password retrieval, IP addresses, mailing addresses, download histories, and encrypted passwords
  • Child account information: full names, genders, and birthdates.

The hacker, who requested anonymity, spoke with Motherboard and said they were also able to get their hands on thousands of pictures of parents and kids, chat logs, and even audio recordings. To verify that statement, the hacker sent Motherboard 3,832 image files. VTech will not confirm the validity of what the hacker has shared and will only say their investigation is on-going and they cannot confirm at this stage.

While the amount of information stolen is alarming, parents do not have to worry about their credit cards. VTech assures that their Learning Lodge database does not contain credit card information and they do not process or store payment information on that website. When making payments, customers use a secure, third party payment gateway.

What This Means for Child Identity Theft

The hacker responsible for the VTech data breach has said that they do not intend to publish or sell the data.

“Frankly, it makes me sick that I was able to get all this stuff,” the hacker told Motherboard via encrypted chat. “VTech should have the book thrown at them.”

Security experts, however, are not quick to believe the hacker — stolen records can be sold for $1 to $4 a piece in underground markets. With over 11 million identities compromised, this thief is sitting on a potential goldmine.

This security breach is undoubtedly a wake up call for parents everywhere. Most children are thrilled to receive electronic gadgets and toys with network connectivity, but how safe are they?

Concerned about your child’s identity? Add ChildWatch to your IdentityForce membership and we’ll alert you if we come across any suspicious activity.

Image courtesy of Flickr user Upsilon Andromedae.

Melanie Medina

Sr. Director of Digital Marketing at IdentityForce
Melanie is a native of Bolivia who has lived in Boston for over 10 years. She likes to make time to travel, jog, read, and play backgammon. Fueled by copious amounts of coffee, Melanie stays on top of her to-do list while also keeping abreast of identity theft issues. Serious data breaches are happening all the time in the U.S. and Melanie loves being part of a solution that brings peace of mind to families across the country.