Toymaker VTech hit by largest ever hack targeting kids

Before you go, we thought you'd like these...
Before you go close icon
VTech Says Kids' Photos, Chat Logs Affected by Data Breach

(Reuters) -- A cyber attack on digital toymaker VTech Holdings Ltd exposed the data of 6.4 million children, the company said on Tuesday, in what experts called the largest known hack targeting youngsters.

The Hong Kong-based firm said the attack on databases for its Learning Lodge app store and Kid Connect messaging system affected even more kids than the 4.9 million adults that the company disclosed on Friday.

See below to look back at notable data breaches:

9 PHOTOS
Notable data breaches in the US recently
See Gallery
Toymaker VTech hit by largest ever hack targeting kids
LONDON, ENGLAND - AUGUST 19: A detail of the Ashley Madison website on August 19, 2015 in London, England. Hackers who stole customer information from the cheating site AshleyMadison.com dumped 9.7 gigabytes of data to the dark web on Tuesday fulfilling a threat to release sensitive information including account details, log-ins and credit card details, if Avid Life Media, the owner of the website didn't take Ashley Madison.com offline permanently. (Photo by Carl Court/Getty Images)
Katherine Archuleta, director of the U.S. Office of Personnel Management (OPM), speaks during a House Oversight and Government Reform Committee hearing on the OPM data breach in Washington, D.C., U.S., on Wednesday, June 24, 2015. U.S. senators said yesterday they doubt the government's personnel office understands the breadth of a computer hack that exposed the records of more than 4 million federal workers, or that the agency can stop another breach. Photographer: Andrew Harrer/Bloomberg via Getty Images
WASHINGTON, DC - JUNE 05: The entrance to the Theodore Roosevelt Federal Building that houses the Office of Personnel Management headquarters is shown June 5, 2015 in Washington, DC. U.S. investigators have said that at least four million current and former federal employees might have had their personal information stolen by Chinese hackers. (Photo by Mark Wilson/Getty Images)
SCHAUMBURG, IL - AUGUST 04: A statue of a horse stands at the entrance to a P.F. Chang's restaurant on August 4, 2014 in Schaumburg, Illinois. P.F. Chang's China Bistro Ltd. said today that the company experienced a data breach involving customers' credit and debit card information which affected 33 restaurants in 16 states, including the Schaumburg, Illinois location. (Photo by Scott Olson/Getty Images)
PORTLAND, ME - AUGUST 15: Shaws on Congress Street on Friday, July 15, 2014. Shaws parent company is investigating a possible data breach. (Photo by Logan Werlinger/Portland Press Herald via Getty Images)
COLMA, CA - APRIL 18: Customers enter a Michaels art and crafts store on April 18, 2014 in Colma, California. Michaels, the largest arts and crafts chain in the U.S., announced that an estimated 2.6 million cards used at its stores across the country may have been affected by a security breach. Aaron Brothers, a subsidiary of Michaels, was also affected by the breach. (Photo by Justin Sullivan/Getty Images)
CORAL GABLES, FL - FEBRUARY 28: A checkout keypad is seen at a Sears store on February 28, 2014 in Coral Gables, Florida. According to reports the U.S. Secret Service is investigating a possible digital attack at Sears Holdings Corp. (Photo by Joe Raedle/Getty Images)
A couple of shoppers leave a Target store on a rainy afternoon in Alhambra, California on December19, 2013, as the US retail giant said some 40 million customers may have had bank card data compromised by hackers who broke into its database as holiday shopping got underway. Target said there had been 'unauthorized access' to its payment system in US stores affecting credit and debit cards with approximately 40 million credit and debit cards possibly affected by the breach between November 27 and December 15, the company said in a statement. AFP PHOTO / Frederic J. Brown (Photo credit should read FREDERIC J. BROWN/AFP/Getty Images)
HIDE CAPTION
SHOW CAPTION
of
SEE ALL
BACK TO SLIDE

Security experts said they expected the size of the breach would prompt governments to scrutinize VTech and other toymakers to review their security.

"This breach is a parent's nightmare of epic proportions," said Seth Chromick, a threat analyst with network security firm vArmour. "A different approach to security for all organizations is needed."

Chris Wysopal, co-founder of cyber security firm Veracode, said it could be a wake up call for families in the same way that the hack on infidelity website Ashley Madison earlier this year made adults realize online data might not be safe.

VTech said in a statement on its website that the children's profiles included only name, gender and birth date. Stolen data on their parents included name, mailing address, email address, secret question and answer for password retrieval, IP address, mailing address, download history and encrypted password.

The United States had the most VTech customers whose data was accessed, followed by France, the United Kingdom, Germany, Canada, Spain, Belgium and the Netherlands.

At least two U.S. states have begun investigations into the attack, along with regulators in Hong Kong.

"This case will lead many toy companies to rethink their security protections for children's data," said Shai Samet, founder of Samet Privacy, which audits toymakers for compliance with the U.S. government's Children's Online Privacy Protection Act.

Technology news site Motherboard, which broke news of the breach last week, reported that the person who claimed responsibility for the hack said "nothing" would be done with the stolen information.

Security experts were skeptical, noting that the stolen data could be worth millions of dollars.

"I wouldn't trust him," said Troy Hunt, a security expert who reviewed samples of stolen data and information about the attack for Motherboard.

"I don't believe the word of anyone who compromises a network," said Justin Harvey, chief security officer with Fidelis Cybersecurity.

Harvey noted that stolen records sell for $1 to $4 in underground markets.

Read Full Story

Want more news like this?

Sign up for Finance Report by AOL and get everything from business news to personal finance tips delivered directly to your inbox daily!

Subscribe to our other newsletters

Emails may offer personalized content or ads. Learn more. You may unsubscribe any time.

From Our Partners