Popular Chinese toymaker VTech recently revealed that it was the target of a successful data breach that took place on November 14.
According to reports, data belonging to some 4.8 million parents and over 200,000 children have been swiped. It included pivotal and private information such as names, email addresses, passwords and home addresses of parents; as well as birthdays, first names and genders of kids have been swiped as well. It does not contain credit card information, social security numbers, or driver’s license numbers, the company said.
The criminals behind the hack made their way into the user database through the company's Learning Lodge app store, wherein games, books, music and other educational content for VTech toys can be downloaded. Hackers also accessed the customers IP addresses and download histories, according to the company.
While hackers can have a variety of motives, such attacks have resulted in customer data being sold on the Web's black market, allowing criminals to steal goods with another person's identity.
Hackers can use the data stolen for a range of phishing attacks created to target people through their email addresses leading them to click on links that activate malicious software which allows the hackers steal even more sensitive information.
What’s worse is that the toy maker was not aware of the security breach until the alleged hacker himself reported it to Motherboard. The hacker claims to have gained access to the database through SQL injection. From there, the attacker is said to have gained root access to the company’s web and database servers. The hacker said he has no intentions of releasing or selling the data. Sometimes hackers attack the system just to demonstrate that the networks are vulnerable and need to be made more secure.
If the numbers of exposed accounts that are reported are accurate, the VTech hack would be among the largest breaches in recent years. The toy maker responded to the breach with a statement claiming to have already fixed the relevant vulnerabilities and provided email support to the affected customers.
Earlier in August, hackers published data from more than 30 million accounts that had been set up on adultery website Ashley Madison.
The toy maker said the hacked database stored information on customers from the following countries: US, Canada, the UK, Ireland, France, Germany, Spain, Belgium, the Netherlands, Denmark, Luxembourg, Latin America, Hong Kong, China, Australia and New Zealand.