A Chinese educational toy company with revenues of over US$2 billion has suffered a data breach where the personal information of five million customers, both parents and children, were stolen. VTech products are sold all across the world, including in Australia.
According to the company, the breach occurred on the data base for its Learning Lodge app store where customers can download apps, learning games, e-books and other educational content to VTech products. The database contains user profile information such as name, email address, password, IP address and mailing address. Vtech insisted the database does not contain any credit card information.
A total of around five million customer accounts and, according to Motherboard, that first reported on the breach, more than 200,000 kids have had their information compromised as well. The hacker who claimed responsibility for the hack approached Motherboard about the breach and how he used SQL injection to gain root access to VTech's web and database servers to pull off the attack.
The silver lining is that the hacker said they did not intent to publish the data. However, the attack did expose VTech's inadequacy to protect its IT infrastructure and customer data. For a company that rakes in $2 billion in revenue, this event has caused a significant amount of embarrassment and brand damage.
According to VTech:
" We have reached out to every account holder in the database, via email, to alert them of this data breach and the potential exposure of their account data… "We are committed to protecting our customer information and their privacy, to ensure against any such incidents in the future. Our Privacy Statement can be found on our website here. The investigation continues as we look at additional ways to strengthen the security of all on-line services provided by VTech. We will provide further updates as appropriate in the future."