Menu
Toy maker VTech says breach hit 6.4 million kids' accounts

Toy maker VTech says breach hit 6.4 million kids' accounts

Most affected accounts were in the U.S.

Educational toy maker VTech has said 11.6 million accounts were compromised in a cyberattack last month, including those of 6.4 million children.

The total number of accounts affected is nearly double that reported last week by the security news site Motherboard, which interviewed a hacker who claimed credit for the breach.

Most of the account holders were in the U.S., including 2.2 million parents and 2.8 million children, VTech said Wednesday in Hong Kong, where the company is based. France, the U.K., Germany and Canada round out the top five countries hit, VTech said in an updated FAQ.

Data breaches have been become a top worry as cybercriminals and hackers probe online systems for weaknesses, resulting in massive breaches of payment card systems, health care data and U.S. government personnel records.

VTech's breach stands out because it affected millions of children. The profile data leaked included their names, genders and birth dates.

Reuters reported that the attorney generals of Illinois and Connecticut planned to investigate the breach, which occurred Nov. 14. And Hong Kong's privacy commissioner for personal data said he would check whether VTech was following data privacy principles.

VTech's toys include color touchscreen tablets for kids similar to Apple's iPad. The InnoTab 3 has a camera, and can record video and audio and download apps.

Motherboard also reported that photos of children and parents had been exposed, as well as chat logs. VTech said it couldn't confirm that images were leaked, but Motherboard published partially obscured images that it said it obtained from the hacker.

VTech said images on its servers are encrypted using the 128-bit Advanced Encryption Standard algorithm.

Chat logs from a VTech messaging service called Kid Connect are also believed to have been exposed, as well as some audio files. VTech said the chat logs were not encrypted, but that the audio files were encrypted using AES 128.

AES is considered a secure cryptographic algorithm and is widely used by the U.S. government. It's unclear how Motherboard or the hacker would have been able to decrypt the images, since brute-force attacks are nearly impossible.

The security of the encrypted files and images, however, depends on how well VTech protected the private decryption keys, and the release of images raises the question of whether the hacker obtained those as well.

The breach affected the customer database for Learning Lodge, an app store for VTech's devices, as well as the Kid Connect servers. VTech has suspended both services and 13 websites.

The company plans to hired a security consultancy firm to conduct a forensic investigation and "help us to design a new more secure approach to our data security," it said.

Of the 11.6 million accounts affected, 4.8 million belong to parents. The parent data included names, email addresses, weakly hashed passwords, secret questions for password retrieval, IP addresses, mailing addresses and download history. No payment information was compromised.

The leaked data doesn't appear to have been used for criminal purposes yet, VTech said. Since the breach was of its servers, VTech said there doesn't appear to be a risk of children being tracked while using its devices.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Featured

Slideshows

The making of an MSSP: a blueprint for growth in NZ

The making of an MSSP: a blueprint for growth in NZ

Partners are actively building out security practices and services to match, yet remain challenged by a lack of guidance in the market. This exclusive Reseller News Roundtable - in association with Sophos - assessed the making of an MSSP, outlining the blueprint for growth and how partners can differentiate in New Zealand.

The making of an MSSP: a blueprint for growth in NZ
Reseller News Platinum Club celebrates leading partners in 2018

Reseller News Platinum Club celebrates leading partners in 2018

The leading players of the New Zealand channel came together to celebrate a year of achievement at the inaugural Reseller News Platinum Club lunch in Auckland. Following the Reseller News Innovation Awards, Platinum Club provides a platform to showcase the top performing partners and start-ups of the past 12 months, with more than ​​50 organisations in the spotlight.​​​

Reseller News Platinum Club celebrates leading partners in 2018
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP has honoured its leading partners in New Zealand during 2018, following 12 months of growth through the local channel. Unveiled during the fourth running of the ceremony in Auckland, the awards recognise and celebrate excellence, growth, consistency and engagement of standout Kiwi partners.

Meet the top performing HP partners in NZ
Show Comments