Menu
Toy maker VTech says breach hit 6.4 million kids' accounts

Toy maker VTech says breach hit 6.4 million kids' accounts

Most affected accounts were in the U.S.

Educational toy maker VTech has said 11.6 million accounts were compromised in a cyberattack last month, including those of 6.4 million children.

The total number of accounts affected is nearly double that reported last week by the security news site Motherboard, which interviewed a hacker who claimed credit for the breach.

Most of the account holders were in the U.S., including 2.2 million parents and 2.8 million children, VTech said Wednesday in Hong Kong, where the company is based. France, the U.K., Germany and Canada round out the top five countries hit, VTech said in an updated FAQ.

Data breaches have been become a top worry as cybercriminals and hackers probe online systems for weaknesses, resulting in massive breaches of payment card systems, health care data and U.S. government personnel records.

VTech's breach stands out because it affected millions of children. The profile data leaked included their names, genders and birth dates.

Reuters reported that the attorney generals of Illinois and Connecticut planned to investigate the breach, which occurred Nov. 14. And Hong Kong's privacy commissioner for personal data said he would check whether VTech was following data privacy principles.

VTech's toys include color touchscreen tablets for kids similar to Apple's iPad. The InnoTab 3 has a camera, and can record video and audio and download apps.

Motherboard also reported that photos of children and parents had been exposed, as well as chat logs. VTech said it couldn't confirm that images were leaked, but Motherboard published partially obscured images that it said it obtained from the hacker.

VTech said images on its servers are encrypted using the 128-bit Advanced Encryption Standard algorithm.

Chat logs from a VTech messaging service called Kid Connect are also believed to have been exposed, as well as some audio files. VTech said the chat logs were not encrypted, but that the audio files were encrypted using AES 128.

AES is considered a secure cryptographic algorithm and is widely used by the U.S. government. It's unclear how Motherboard or the hacker would have been able to decrypt the images, since brute-force attacks are nearly impossible.

The security of the encrypted files and images, however, depends on how well VTech protected the private decryption keys, and the release of images raises the question of whether the hacker obtained those as well.

The breach affected the customer database for Learning Lodge, an app store for VTech's devices, as well as the Kid Connect servers. VTech has suspended both services and 13 websites.

The company plans to hired a security consultancy firm to conduct a forensic investigation and "help us to design a new more secure approach to our data security," it said.

Of the 11.6 million accounts affected, 4.8 million belong to parents. The parent data included names, email addresses, weakly hashed passwords, secret questions for password retrieval, IP addresses, mailing addresses and download history. No payment information was compromised.

The leaked data doesn't appear to have been used for criminal purposes yet, VTech said. Since the breach was of its servers, VTech said there doesn't appear to be a risk of children being tracked while using its devices.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Events

Why experience is the new battleground for partners

Join us for an exclusive webinar, in association with Hewlett Packard Enterprise and Technology Services Industry Association (TSIA) and learn about the latest industry insights and how technology services continue to evolve to deliver differentiated value, and how partners can be successful in 2021 and beyond.

Featured

Slideshows

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

Hundreds of leaders from the New Zealand IT industry gathered at the Hilton in Auckland on 17 November to celebrate the finest female talent in the Kiwi channel and recognise the winners of the Reseller News Women in ICT Awards (WIICTA) 2020.

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards
Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards

Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards

The leading female front runners of the New Zealand ICT industry joined together for the annual Reseller News Women in ICT Awards event at the Hilton in Auckland, during which hundreds of guests celebrated 13 outstanding individuals who won awards, chosen from more than 50 finalists representing over 30 organisations.

Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards
Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners

Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners

More than 500 channel leaders gathered in Auckland on 21 October at the ​Reseller News Innovation Awards ​2020 to celebrate the achievements of the New Zealand technology industry's top partners, start-ups, vendors, distributors and individuals.

Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners
Show Comments