Kids’ Info is Exposed in Toymaker Hack

This is an archived article and the information in the article may be outdated. Please look at the time stamp on the story to see when it was last updated.

NEW YORK (CNNMoney) — Now hackers are going after kids.

Educational toymaker VTech, which sells tablets, baby monitors and educational software, said Monday that the personal information of millions of customers and their kids has been exposed.

VTech said the accounts of more than 4.8 million parents and the profiles of their 6.4 million kids were affected.

Hackers were able to pull childrens’ photos, chat logs and other personal data stored in VTech accounts, according to blogger Troy Hunt, who tracks data security breaches and said he was the first to notify VTech about the hack.

But VTech said it couldn’t confirm whether the hackers did capture photos and chats between children and their parents, which was originally reported by Motherboard.

“The systems were so insecure that deeply personal information was very easy to see,” Hunt told CNNMoney.

Other accessible data included children’s names, genders and birthdates — along with account email addresses, passwords, secret questions and answers for password retrieval, IP addresses, mailing addresses and download history.

The majority of the people hacked – more than 2.2 million parents and nearly 2.9 million kids – are in the U.S. The hacks were spread across more than a dozen countries, including France, the U.K. and Germany.

The company said the security breach hit its Learning Lodge online store Tuesday, where customers can download apps, ebooks and games.

VTech said Friday that it “conducted a thorough investigation.”

On Monday, VTech suspended 13 of its websites and said the affected customers were notified.

The company added that no credit card information was involved, and it has taken measures “to defend against further attacks.”