Personal details of five million kids, plus their parents’ addresses, were exposed in the recent VTech hack, the company has confirmed. Word of the breach broke late last week, with VTech admitting to customers that unknown hackers had cracked the security used on the “Learning Lodge” app store earlier in November.
The database is not only VTech’s product registration system, but a log of each of the child users of its learning tablets and other devices.
Because of that, it was jammed full of personal information. Although credit card details were not among the haul – VTech relies on a third-party for processing payments – the parent’s name, email address, password, secret question and answer for password retrieval, IP address, mailing address, and download history were all stored.
Meanwhile, the childrens’ names, genders, and birth dates were also logged.
The hack, which took place on November 14th VTech says, has triggered an investigation which is still underway. Meanwhile, the company has taken down not only the Learning Lodge store, but a number of sites connected with it.
While social security numbers, drivers license numbers, or ID card details were not among the stored credentials, it’s still possible that phishing attempts could be made using the stolen email addresses.
Sensible practice, as always in the aftermath of a hack like this, is to be suitably suspicious of emails purporting to be from VTech or a company or organization connected with the investigation.