Vtech – the company which markets baby monitors and toys such as Flipsies Dolls and Switch & Go Dinos – has confirmed that about 5 million customers have been caught up in a data theft which occured late last week.
The company has suspended 13 websites following the hacking of its Learning Lodge app database, with global customers – including those in the UK, US, France and China – being affected.
The hacked database included a raft of customer data, including details about children, although it did not contain any credit card information. Vtech said customers’ names, email addresses, encrypted passwords, secret question and answers for password retrieval, IP addresses, mailing addresses and download histories had all been compromised.
“The Vtech breach illustrates one of the major issues facing us today,” Tod Beardsley, security engineering manager at Internet security firm Rapid7 told the BBC.
“With the Internet of Things, companies of all sorts are rapidly morphing into information technology companies, but without the hard-won security learnings that traditional infotech companies now enjoy. It’s tough to be both a toy manufacturer and a mature technology company with a robust security programme.
“This is not just a challenge for companies that are just now entering tech, but a challenge for the security industry to communicate effectively, and quickly, to these companies who haven’t yet earned their security stripes the hard way.”