Parents: If you are thinking about purchasing a VTech electronic toy for your child this Christmas, you may want to cross it off the list. The company has finally publicly addressed the November 14 breach of the Learning Lodge database — and the details are any mom or dad’s worst nightmare. VTech Holdings Ltd. announced that the data of 6.4 million children and 4.9 million adults was stolen from the servers of the Hong Kong-based company. The Learning Lodge, the Kid Connect network, and multiple VTech websites have been temporarily suspended while the company conducts a security assessment.
VTech Data Breach: What the Hackers Stole
Most VTech customers affected by the data breach are in the United States, France, the United Kingdom, Germany, and Canada. VTech said the stolen information includes:
- Parent account information: full names, e-mail addresses, secret questions/answers for password retrieval, IP addresses, mailing addresses, download histories, and encrypted passwords
- Child account information: full names, genders, and birthdates.
The hacker, who requested anonymity, spoke with Motherboard and said they were also able to get their hands on thousands of pictures of parents and kids, chat logs, and even audio recordings. To verify that statement, the hacker sent Motherboard 3,832 image files. VTech will not confirm the validity of what the hacker has shared and will only say their investigation is on-going and they cannot confirm at this stage.
While the amount of information stolen is alarming, parents do not have to worry about their credit cards. VTech assures that their Learning Lodge database does not contain credit card information and they do not process or store payment information on that website. When making payments, customers use a secure, third party payment gateway.
What This Means for Child Identity Theft
The hacker responsible for the VTech data breach has said that they do not intend to publish or sell the data.
“Frankly, it makes me sick that I was able to get all this stuff,” the hacker told Motherboard via encrypted chat. “VTech should have the book thrown at them.”
Security experts, however, are not quick to believe the hacker — stolen records can be sold for $1 to $4 a piece in underground markets. With over 11 million identities compromised, this thief is sitting on a potential goldmine.
This security breach is undoubtedly a wake up call for parents everywhere. Most children are thrilled to receive electronic gadgets and toys with network connectivity, but how safe are they?
Concerned about your child’s identity? Add ChildWatch to your IdentityForce membership and we’ll alert you if we come across any suspicious activity.
Image courtesy of Flickr user Upsilon Andromedae.