VTech, which makes kids toys like the Mobigo, said hackers accessed customer info in its Learning Lodge app store database.
Ruaridh Stewart/ZUMA Press/Corbis
VTech, a Chinese company that makes popular electronic toys for kids, had its app store hacked.
An “unauthorized party” accessed customer information in a database for VTech’s Learning Lodge app store on November 14, the company said in a statement Friday. The app store lets parents download apps, games, e-books and educational content to VTech toys.
The database contains customer data including name, email address, password, IP address, mailing address and download history. It does not contain credit card information, the company said.
VTech has not said how many customers were affected, but Motherboard, which first reported the hack, said information on nearly 5 million parents and more than 200,000 kids was exposed. The hacked data included kids’ first names, genders and birthdays, according to Motherboard.
VTech did not respond to a request for more information.
While hackers can have a variety of motives, similar attacks have resulted in customer data being sold on the Web’s black market, allowing criminals to steal goods with another person’s identity. Hackers can use stolen data for a range of phishing attacks designed to target people through their email addresses and get them to click on links to steal even more sensitive information.
Motherboard was notified of the breach by an unidentified hacker who claimed responsibility. The hacker said he intends to do “nothing” with the data, according to Motherboard.
If the number of exposed accounts reported by Motherboard is accurate, VTech would be among the largest hacks in recent years. In August, hackers published data from more 30 million accounts on adultery website Ashley Madison. The personal information of an estimated 110 million Target customers was stolen in 2013 by malware installed on the retailer’s point-of-sale terminals.
Vtech said it is investigating the hack and has taken steps to prevent future hacks.
The hacked database stored information on customers from the US, Canada, UK, Ireland, France, Germany, Spain, Belgium, the Netherlands, Denmark, Luxembourg, Latin America, Hong Kong, China, Australia and New Zealand, said VTech.