December 2nd, 2015
What's the issue?
VTech Holdings Limited announced that on November 14th, 2015 an unauthorized party accessed VTech's customer database which includes customers and children's information from VTech's Learning Lodge, Kid Connect and PlanetVTech accounts. The information that was on the breached database contained "general user profile information including name, email address, encrypted password, secret question and answer for password retrieval, IP address, mailing address and download history." VTech assures that no credit card or payment information was in the breached database. However, the database did store children's information including name, genders, birthdates and profile pictures. In addition, Kid Connect, an app that allows parents to chat with the child from a smartphone to a VTech tablet, stored audio recordings and images encrypted by AES128, and unencrypted undelivered messages.
As many as 4.8 million customer accounts and 6.3 million kid profiles worldwide have been affected. In Canada that means 237,949 customer and 316,482 kid profiles have been affected by this data breach.
How did it happen?
At this time, the investigation on this data breach is on-going, and how the hackers were able to penetrate VTech's databases are unknown. However, VTech did release this statement, "Regretfully our Learning Lodge, Kid Connect and PlanetVTech databases were not as secure as they should have been."
What should I do?
If you are a customer with a VTech's Learning Lodge, Kid Connect or PlanetVTech account, it is important to change your password and security answers to any account that uses the same information, even for accounts on different sites. VTech has suspended all affected sites, so you may not have access to change your account information, further actions will be advised once the websites are reactivated.
As for VTech toys with Learning Lodge app, VTech says "our investigation to date suggests the breach is on the server, not on the device itself. There is no evidence to suggest the toys are not safe at this time."
If you have any questions you can send your inquiries to firstname.lastname@example.org.
A Concrete Way to Protect Your Kids Online from Larry Keating's (CEO, NPC) guest blog on the Huffington Post