200,000 Children Exposed In VTech Hack
Nearly 200,000 children who use products of Hong Kong-based VTech have been exposed in an online security breach along with details of nearly 5 million parents.
According to PC Magazine a hack of the company's Learning Lodge database took place on November 14 which exposed email, passwords and home addresses of 4.8 million adults. The hacker was also able to obtain chat logs, images of children and their parents through the company's Kid Connect service, besides obtaining details of the children.
Motherboard broke the news of the hack and showed censored images the hacker was able to obtain. The hack was performed using SQL injection in forms to gain access. A security assessment of the hack by independent security expert Troy Hunt revealed lapses in the security systems of the company. For instance, Hunt reportedly found that would VTech did not use SSL web encryption for data transmission. He also established it was possible to link children to their parents, revealing where the children live.
VTech said in a press release that the company investigated the hack, adding that financial information was not lost.
"It is important to note that our customer database does not contain any credit card information and VTech does not process nor store any customer credit card data on the Learning Lodge website," the company said.
"The investigation continues as we look at additional ways to strengthen our Learning Lodge database security."