VTech, a company that creates “electronic learning products” for infants through to preschoolers, has had their customer database breached.
Almost five million accounts worldwide, both parental and child accounts, may have been breached.
This includes more than 23,000 child and 18,000 parent accounts belonging to Australians, VTech has now revealed.
VTech sells childrens’ tablets, baby monitors and “electronic learning toys”, some of which can be connected to the “Learning Lodge” app store to buy content and upgrades. It is the database behind Learning Lodge that has been breached.
The information stored in the database includes photos, message logs, names, ages, genders, passwords, and IP and mailing addresses. The hacker claiming responsibility says children’s headshots were accessible.
“Frankly, it makes me sick that I was able to get all this stuff,” the hacker told a journalist from Motherboard. “VTech should have the book thrown at them.”
Although VTech has not confirmed exactly what has been stolen, they insist a lot of the data is strongly encrypted.
“…we can confirm these images are encrypted by AES128” their website reads.
“…audio files are encrypted by AES128, whereas chat logs are not encrypted.”
After the breach, VTech suspended Learning Lodge and are reviewing their security. The company says there is no evidence that the actual toys are unsafe, but the investigation into the breach is ongoing.
Concerned customers in Australia and New Zealand are encouraged to email [email protected] The full list of contact emails can be found here.