Children's Photos Among Data Stolen in Hack of Toy Maker VTech

Children's Photos Among Data Stolen in Hack of Toy Maker VTech
Image credit: Vtech Toys | Facebook

It’s a parent's worst nightmare: Photos of their kids’ smiling faces stolen by a stranger online, along with identifying information including their names, genders, birth dates, mailing addresses and the contents of their private chats.

Thanks to a security breach at toy maker VTech, that nightmare just became a reality for thousands of parents.Yesterday, the children’s toymaker admitted that it’s on the hook for exposing all of the above private data, plus additional personal information.

The alarming breach, apparently perpetrated by a white hat hacker on a mission to reveal cracks in VTech’s security protocols, was first uncovered by Motherboard. The anonymous hacker told the publication that she has no intention of publishing or selling the stolen data. Her sole aim, she says, is to raise awareness and alert parents.  

Related: What Every Online Business Needs to Know About the Children's Online Privacy Protection Act

“Frankly, it makes me sick that I was able to get all this stuff,” she told Motherboard. “VTech should have the book thrown at them.”

In addition to eyeing a flurry of proprietary personal data, she claims she accessed tens of thousands of photos of kids and parents on VTech’s servers, many of them headshots.

The Hong Kong-based electronics giant confirmed in a statement that a Nov. 14 hack of its “Learning Lodge” app store database betrayed the intimate details of nearly 5 million adult customer accounts, including IP and email addresses, passwords, login secret questions and answers and device download histories. The statement does not mention the theft of photos.

Related: What Entrepreneurs Should Know About the Laws Protecting Children Online

While customers’ credit card data was not compromised, the identifying information of some 200,000 children was also exposed. Learning Lodge enables VTech product users -- mainly kids -- to download educational games, ebooks and apps to their Internet-connected VTech toys.

If not for Motherboard’s investigation into the anonymous hacker’s claims, VTech might never have picked up on its servers’ vulnerabilities. VTech claims it has since corrected its server susceptibilities and says it is taking added steps to bolster security. The company has also emailed every customer in its Learning Lodge database to inform them of the hack.

Related: Classroom Tech Delivers 'No Noticeable Improvement' in Student Performance, Study Finds

Edition: October 2016

Get the Magazine

Limited-Time Offer: 1 Year Print + Digital Edition and 2 Gifts only $9.99
Subscribe Now