Children's Pictures, Chat Logs Also Obtained in VTech Hack

December 3, 2015, Written By Natalie Rutledge

Last Friday, VTech, a company that manufactures Internet-enabled tablets and gadgets for kids, announced an unauthorized party had accessed its Learning Lodge app store database.

Since that initial announcement, the severity of the breach has been revealed. Initially, the company admitted the personal information of 6.3 million customers had been accessed, including names, email addresses, encrypted passwords, secret questions and answers for password retrieval, IP addresses, mailing addresses and download histories.

However, the hacker told Motherboard that the company had also left other sensitive data on its servers, including thousands of kids’ pictures and chat logs between parents and children. The hacker claimed to have downloaded more than 190 GB of photos. Even though some were blank or duplicates, there are 2.3 million Kid Connect users, so it’s likely there were tens of thousands of unique headshots.

This data was available trough VTech’s Kid Connect service, which allows parents to use their smartphone to chat with their kids via their VTech Tablet. The company encourages adults and children to take pictures of themselves within the app.

The chat logs, pictures and recordings can easily be traced to usernames, which allows anyone with the hacked data to identify the people in the photographs.

The hacker said it was not his intent to sell or publish the information.

”Frankly, it makes me sick that I was able to get all this stuff,” the hacker told Motherboard’s Lorenzo Franceschi-Bicchierai in an encrypted chat. ”VTech should have the book thrown at them.”

The company said in a November 30 announcement that, as a precautionary measure, it has suspended Learning Lodge and a number of its other websites for security assessment and fortification.

Meanwhile, Rosen Law Firm announced today it is investigating potential claims on behalf of VTech customers. The law firm is claiming the security of VTech’s databases was inadequate. In fact, the company admitted that its “Learning Lodge, Kid Connect and PlanetVTech databases were not as secure as they should have been.”

The information contained within this article was accurate as of December 3, 2015. For up-to-date
information on any of the terms, cards or offers mentioned above, visit the issuer's website.

About Natalie Rutledge

Natalie Rutledge majored in Communications at Mississippi State University. She was in sales for a number of businesses and spent nine years working as a communications advisor to various entities. Natalie can be contacted directly at [email protected]
View all posts by Natalie Rutledge