Hackers have compromised the personal data of nearly 5 million people with accounts on the website of Vtech, a Hong Kong-based electronics company specializing in educational toys geared towards children.
Names, homes addresses and other information belonging to more than 4.8 million Vtech customers in countries worldwide, including the United States, were accessed by unauthorized persons as the result of a breach that occurred earlier this month, the company confirmed Friday.
In addition to having compromised the details of adults who had registered their products on the web, other information accessed in the hack includes the names, genders and birthdays of more than 200,000 children, as well as passwords pertaining to millions of Vtech customer accounts, Motherboard reported.
While Vtech stated that the stolen password credentials had been encrypted, Troy Hunt, an online security specialist who runs the website Have I Been Pwned, claimed a hacker could crack the vast majority of them “in next to no time.”
“I’ve got two little kids, and as a father, this really made me think about the footprints I’ll make for them online,” Mr. Hunt wrote. “Despite the frequency of these incidents, companies are just not getting the message: taking security seriously is something you need to do before a data breach, not something you say afterwards to placate people,” he said.
In a statement, Vtech stressed that the database accessed by hackers did not contain any credit card details, Social Security numbers or other particularly sensitive personal information, but only “general user profile information.”
“Nevertheless, Mr. Hunt said that the stolen data can without a doubt provide a bad actor with more than enough dirt to use to their advantages.
“When it’s hundreds of thousands of children including their names, genders and birthdates, that’s off the charts. When it includes their parents as well — along with their home addresses — and you can link the two and emphatically say ’Here is 9-year-old Mary, I know where she lives and I have other personally identifiable information about her parents (including their password and security question),’ I start to run out of superlatives to even describe how bad that is,” he wrote.
Have I Been Pwned, Mr. Hunt’s online repository for data breach details, described the VTech hack as being the fourth-largest compromise of consumer data to date.
Please read our comment policy before commenting.