Vtech makes electronic toys that help to educate kids, but those gadgets for tots can be hacked just like any other computer, apparently.
The company has recently confirmed about 4.8 million parents and more than 200,000 children were affected in a wide-sweeping data breach. Customers living in the US, UK, and across the world had their data stolen from Vtech's Learning Lodge, including names, emails, and passwords.
Following the hacking of its Learning Lodge app database, Hong Kong-based Vtech began suspending 13 websites and simultaneously alerting the public on 27 November. You're probably wondering what you need to do from here.
Well, allow us to answer all your burning questions...
Vtech hack: What was compromised and when?
On 14 November, an "unauthorised party" (aka a hacker) accessed VTech customer data stored on the toy maker's Learning Lodge app store customer database. Learning Lodge allows customers to download apps, games, e-books, and other educational content to VTech products.
Vtech didn't actually learn about the hack until 23-24 November, when it received an email from a Canadian journalist asking about the incident. After receiving the email, Vtech said it "carried out an internal investigation and detected some irregular activity" on the Learning Lodge site. Once it confirmed the hack, Vtech said it began informing customers on 27 November.
Vtech hack: Did the hack include personal identification data?
The breach did not contain personal identification data, such as ID card numbers, Social Security numbers, driving license numbers, or even credit card information. But the hacker(s) did gain access to customers' general user profile information, including things like their names, email addresses, encrypted passwords, secret questions and answers for password retrieval, IP addresses, mailing addresses, and download histories.
Vtech hack: How big is this breach?
The VTech hack is now the fourth-largest consumer data breach, according to Have I Been Pwned, which is a well-known repository of data breaches. That means this hack falls directly behind the recent ones carried out on Adobe, Ashley Madison, and 000webhost.
Vtech hack: How dangerous is this breach?
Motherboard first reported the breach after coming in contact with the hacker who claimed responsibility for the breach (he/she provided files packed with sensitive data to Motherboard). It claimed this dump included the first names, genders, and birthdays of kids - and it is possible to link these children to their parents, thus exposing the kids’ full identities and where they live.
Vtech hack: So, what's Vtech doing about this now?
Vtech said it conducted a "comprehensive check of the affected site" in late November and claims to have already taken "thorough actions" against future attacks. It posted this statement on the company website and promises to add "additional notices when appropriate".
Vtech hack: What do you need to do?
Vtech hasn't explicitly explained what customers should do right now. It also hasn't provided a way for customers to look up whether they're one of the 5 million affected. It only invited all customers to review its Privacy Statement.
It also set up various emails - listed below - to handle any enquiries.
- US: email@example.com
- Canada: firstname.lastname@example.org
- France: email@example.com
- Germany: firstname.lastname@example.org
- Netherlands: email@example.com
- Spain: firstname.lastname@example.org
- UK: email@example.com
- Australia and New Zealand: firstname.lastname@example.org
- Hong Kong: email@example.com
- Other countries and regions: firstname.lastname@example.org
Want to know more?
Keep checking back because we plan to update this piece over time.