X

Hack of toy maker VTech exposes 5 million customers

A hacker got into a customer database for the Learning Lodge app store, where parents can download apps, games and e-books for VTech toys.

Carrie Mihalcik Former Managing Editor / News
Carrie was a managing editor at CNET focused on breaking and trending news. She'd been reporting and editing for more than a decade, including at the National Journal and Current TV.
Expertise Breaking News, Technology Credentials
  • Carrie has lived on both coasts and can definitively say that Chesapeake Bay blue crabs are the best.
See full bio
Carrie Mihalcik
2 min read
42-30941432-vtech-corbis.jpg

VTech, which makes kids' toys like the Mobigo, said hackers accessed customer info in its Learning Lodge app store database.

 Ruaridh Stewart/Zuma Press/Corbis

VTech, a Chinese company that makes popular electronic toys for kids, had its app store hacked.

An "unauthorized party" accessed customer information in a database for VTech's Learning Lodge app store on November 14, the company said in a statement Friday. The app store lets parents download apps, games, e-books and educational content to VTech toys.

About 5 million customer accounts and "related kids profiles" were affected, VTech said in an updated statement Monday. The database contains customer info including name, email address, password, IP address, mailing address and download history. It does not contain credit card information, the company said.

Motherboard, which first reported the hack, said information on more than 200,000 kids was exposed. The hacked data included kids' first name, gender and birthday, according to Motherboard.

Though hackers can have a variety of motives, similar attacks have resulted in customer data being sold on the Web's black market, allowing criminals to steal goods with another person's identity. Hackers can use stolen data for a range of phishing attacks designed to target people through their email addresses and get them to click on links that trigger malicious software which lets the hackers steal even more sensitive information.

Motherboard was notified of the breach by an unidentified hacker who claimed responsibility. The hacker said he intends to do "nothing" with the data, according to Motherboard. Hackers sometimes break into systems simply to demonstrate that the networks are vulnerable and need to be made more secure.

This VTech data breach is among the largest hacks in recent years. In August, hackers published data from more than 30 million accounts that had been set up on adultery website Ashley Madison. The personal information of an estimated 110 million Target customers was stolen in 2013 by malware installed on the retailer's point-of-sale terminals.

Vtech said it is investigating the hack and has taken steps to prevent future hacks.

The hacked database stored information on customers from the US, Canada, the UK, Ireland, France, Germany, Spain, Belgium, the Netherlands, Denmark, Luxembourg, Latin America, Hong Kong, China, Australia and New Zealand, said VTech.

Update, November 30 at 9:20 a.m. PT: Adds more information from VTech.