(November 30, 2015) — Now the hackers are going after kids.
Educational toymaker VTech, which sells tablets, baby monitors and educational software, said Monday that the personal information of five million people — customers and their kids — has been compromised.
The company said the security breach hit its Learning Lodge online store, where customers can download apps, ebooks and games. User profile information includes names, email addresses, passwords, secret questions and answers for password retrieval, IP addresses, mailing addresses and download history.
The hack also exposed information about kids, including names, genders and birthdates.
According to a report from Vice, the toymaker also left thousands of photos of parents and kids and chat logs stored online in a way that was “easily accessible to hackers.”
The data is from the company’s Kid Connect service that allows parents to use a smartphone app to chat with kids using a VTech tablet. A hacker who spoke to Vice said he was able to download 190GB worth of photos.
VTech said that no credit card information was compromised, and that the database doesn’t contain social security numbers or drivers licenses.
“Due to a breach of security on our Learning Lodge website, we have temporarily suspended the site,” said a message on the Learning Lodge site Monday.
The company added that it has taken measures “to defend against further attacks.”
Troy Hunt, a blogger, said that he discovered the hack and reported it to VTech.
“I suspect we’re all getting a bit too conditioned to data breaches lately,” he wrote at troyhunt.com. “Unless it’s our children’s identities, that’s a whole new level. When it’s hundreds of thousands of children’s names, genders and birthdates, that’s off the charts.”
The hack includes customers in the USA, Canada, United Kingdom, Republic of Ireland, France, Germany, Spain, Belgium, the Netherlands, Denmark, Luxembourg, Latin America, Hong Kong, China, Australia and New Zealand.