After Ashley Madison, Anthem cracks, hackers accessed 4.8M VTech users' personal info in another 2015 large-scale consumer data breach
The database of VTech's Learning Lodge app store has been breached by an unauthorized party compromising the personal details of its users, the Hong Kong company that creates and supplies electronic and educational toys for children announced via a press release.
The app store is where VTech product owners can download apps, learning games, e-books and other educational content. The customer database holds numerous general user profile information, which includes name, email address, encrypted password, secret question and answer for password retrieval, IP address, mailing address and download history.
According to Motherboard, there could be around 5 million parents and more than 200,000 kids who are affected in the hacking. And, according to one expert, there is a possibility that the children's identities and exact whereabouts could be exposed in the breach by linking them to their parents' personal details.
The data obtained by the hackers may also include the children's first names, genders and birthdays. Motherboard first learned of the incident even before VTech did when the hackers who claimed responsibility for the cyberattack provided files containing sensitive data. It was only then that VTech learned of the breach after Motherboard reached out to the company for comments.
This unfortunate incident is already considered as the fourth largest consumer data breach in history according to the website Have I Been Pwned. The top 10 list also includes the hacking on Ashley Madison this 2015 involving more than 30 million accounts. Earlier this year, Anthem, an American health insurance company, lost about 80 million records to data breach.
VTech Holdings Limited said that they are now currently investigating the matter and assured its customers that they are implementing security measures to prevent another incident of data breach in the future.
"Upon discovering the unauthorized access we immediately conducted a thorough investigation, which involved a comprehensive check of the affected site and implementation of measures to defend against any further attacks," VTech wrote.
"The investigation continues as we look at additional ways to strengthen our Learning Lodge database security. We are committed to protecting our customer information and their privacy."
The company also confirmed that its customer database did not include any credit card information or other personal identification data, such as ID card numbers, Social Security numbers or driving license numbers. Customers concerned about the possible security breach from their payment transaction or check-out process were assured by VTech that they use a secure third party payment gateway for their protection.