DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

VTECH Hack Exposes Data on More Than 200,000 Kids and Almost 5M parents (update2)

Posted on November 27, 2015 by Dissent

Lorenzo Franceschi-Bicchierai reports:

The personal information of almost 5 million parents and more than 200,000 kids was exposed earlier this month after a hacker broke into the servers of a Chinese company that sells kids toys and gadgets, Motherboard has learned.

The hacked data includes names, email addresses, passwords, and home addresses of 4,833,678 parents who have bought products sold by VTech, which has almost $2 billion in revenue. The dump also includes the first names, genders and birthdays of more than 200,000 kids.

What’s worse, it’s possible to link the children to their parents, exposing the kids’ full identities and where they live, according to an expert who reviewed the breach for Motherboard.

Read more on Motherboard.

VTECH’s statement says, in part:

VTech Holdings Limited today announced that an unauthorized party accessed VTech customer data housed on our Learning Lodge app store database on November 14, 2015 HKT. Learning Lodge allows our customers to download apps, learning games, e-books and other educational content to their VTech products.

[….]

Our customer database contains general user profile information including name, email address, encrypted password, secret question and answer for password retrieval, IP address, mailing address and download history.

For reasons that defy logic, Lorenzo used Have I Been Pwned to declare this the fourth largest consumer data breach to date. It’s not even close to that, and Troy Hunt’s site, while a valuable resource, is not a good resource for determining largest breaches.  A breach affecting less than 6 million probably wouldn’t even make the top 20. Update: After I contacted him on Twitter, Lorenzo is fixing that part of his report.

Update 2: See Troy Hunt’s excellent piece on how he verified this breach and the concerns it raises on Ars Technica.

 

Category: Business SectorHackNon-U.S.Of Note

Post navigation

← GA: Hundreds of DeKalb teachers’ personal information exposed
Netherlands: data breach notification duties in effect January 2016 →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Nigerian National Sentenced To More Than Five Years For Hacking, Fraud, And Identity Theft Scheme
  • Data breach of patient info ends in firing of Miami hospital employee
  • Texas DOT investigates breach of crash report records, sends notification letters
  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • California county accused of using drones to spy on residents
  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.