Electronic toy maker VTech’s Learning Lodge, the company’s app store database, has been compromised. The security breach, which occurred earlier this month, has been deemed among the biggest hacks ever documented.
The incident exposed the private information of nearly 5 million parents and more than 200,000 children.
According to Motherboard, the hacked personal information of the Chinese company’s customers include names, passwords, email addresses and home addresses of 4,833,678 parents as well as the first names, birthdays and genders of their children.
It is worth mentioning that the leaked information makes it possible to link the kids to their parents, as revealed by an expert who assessed the consumer data breach for Motherboard.
The website Have I Been Pwned, a well-known repository of data breaches over the Web, listed the hacking incident as the fourth largest ever recorded as of the moment.
The hacker told Motherboard of the security breach, and even handed over files containing the confidential data. Motherboard then reached out to VTech.
The toy maker confirmed the breach over an email it sent out to Motherboard on Thursday, Nov. 26, indicating that an illegal party accessed VTech customer data on its Learning Lodge app store customer database last Nov. 14.
“We were not aware of this unauthorized access until you alerted us,”said Grace Pang, VTech’s spokesperson.
When asked about the real purpose in obtaining the data, the hacker said “nothing.” The hacker even said that the data has only been shared with Motherboard, albeit a possibility exists that the data could have been sold to someone else.
In an email sent by VTech to its customers, it said that upon learning of the unauthorized access, it carried out an in-depth investigation right away, which involved an extensive check of the app site and implementation of steps to safeguard its website against future attacks.
The digital toy company highlighted that its customer database did not consist of social security numbers and credit card or banking details.
However, it confirmed that the database incorporates customers’ name, email address, secret question and answer for password retrieval, encrypted password, mailing address, download history and even IP address.