VTech, a manufacturer of Electronic toys and educational material has officially confirmed that nearly 10 million accounts which includes around 6.3 million profiles of Kids all over the world has been affected by the data hack of its app store. The accounts of maximum parents and kids were from UK, US, China and France. Other countries were Canada, Belgium, Germany, Spain, Australia, New Zealand, Denmark, Ireland and Netherlands. The app store offered by VTech allowed downloading e-books, games and images to customers on their VTech devices.
Immediately after knowing about the hack of its app database, VTech suspended 13 websites. The security breech has prompted calls to have stricter laws for companies to protect their customer’s data.
The company admitted that its app store having the database of customers was hacked as it was not secure enough, which made it prone to this attack by the hackers. It said that action has been taken to secure it against any future attacks.
The hacked data contained personal information like names, passwords, email IDs, secret questions as well as their answers for retrieval of password, mailing addresses, IP addresses, and also the download history. But none of the customer’s credit card information or any personal identification data such as driving license details or ID card details have been compromised.
In a statement, VTech said: “Regretfully our Learning Lodge, Kid Connect and PlanetVTech databases were not as secure as they should have been. Upon discovering the breach, we immediately conducted a comprehensive check of the affected site and have taken thorough actions against future attacks. All other VTech online systems have not been affected”.
The hacked information is most likely to be used by the hackers to trick the customers of VTech to further reveal their personal details such as credit card by sending phishing mails which will appear like it has been sent officially from the company.
When asked about the leak of photos of kids and the chats between parents and children, the company said that the images and the audio files were encrypted by AES128, but the chats were without any encryption. “Our security protocols require that only undelivered messages are stored temporarily in our server. These messages are set to expire in 30 days,” Vtech added.