On November 14, there was a security breach in electronics manufacturer VTech’s Learning Lodge app store database. The Hong Kong company, known for its vast selection of educational toys and cordless phones, learned of the unauthorized access 10 days later. It was alerted by “an email from a Canadian journalist asking about the incident.”
The Learning Lodge storefront provides downloads, games, e-books and other educational content for customers.
The database contains profile information such as names, email addresses, passwords, mailing addresses, and download history. Vtech maintains that it does not process or store credit card information on the Learning Lodge site. Customers who make purchases are directed to a secure third-party site to complete their transactions.
Customer data from countries throughout the globe was compromised, including information from Europe, North America, and Asia. In the latest press release, VTech states that nearly five million customer (parent) accounts and over six million kid profiles were affected by the breach.
The company defends itself by saying that this was “a criminal act and a well-planned attack” and it also mentions the involvement of a “skilled hacker.”
The company was not able to confirm whether or not the hacker(s) were able to access photo, chat logs, or audio files of children and their parents, particularly through the Kid Connect app.
Vtech reports that it has conducted a “thorough investigation” and will take steps to prevent a similar attack in the future. It recently announced that it is retaining the services of FireEye’s Mandiant Incident Response, described as “one of the world’s leading cyber forensics teams,” to assist in this endeavor. Vtech’s methods of data collection will be subjected to particular scrutiny.
The company also took down the Learning Lodge site, and it is still nonfunctional as of this writing.
“We are deeply shocked by this orchestrated and sophisticated attack on our network. We regret that users of Learning Lodge, Kid Connect and PlanetVTech, some of whom are colleagues, friends and families, are also affected,” said CEO Alan Wong.