Hundreds of thousands of personal information of parents and children have been compromised when V-Tech, a brand of toy from Hong Kong, was hacked over the weekend.
According to Tech Times, data of over 200,000 children, including those from U.S., Canada, Ireland, Germany and Australia, were obtained. The data included first names, email, birthdays and genders. More than 4.8 million of parents' data, including names, email addresses, passwords and home addresses were also hacked.
The hacker has contacted tech news outlet Motherboard over the weekend via an encrypted chat and revealed that V-Tech stores sensitive information on its servers. Aside from personal information, the servers also contained message logs between parents and their kids, as well as photos of the children.
The personal information was from Kid Connect, Vtech's service that lets parents chat with their kids through a mobile app compatible with the Vtech tablet.
The hack didn't include personal data like Social Security numbers, ID card numbers, credit card and driver's license information, Motherboard reported on Monday.
The hacker, whose identity was not revealed, shared more than 3,000 image files with Motherboard as proof of legitimacy. Fortunately, the hacker also said that it is not his intention to sell the data or disclose them to the public.
"Frankly, it makes me sick that I was able to get all this stuff," the hacker reveals to the news outlet through chat.
Motherboard has already requested V-Tech to explain why they store sensitive information in their servers, but so far the company has not provided their comment.
According to Tech Times, the Hong Kong-based toy company is already looking into the matter and is fixing the issue to stop it from happening again.
Meanwhile, cyber security experts said that there will be more breaches, involving digital toys, to come, Reuters reported.
According to Tod Beardsley, a security research manager working at Rapid7 Inc, toymakers are "amateurs in the field of security," the news portal reported. "VTech is a toymaker and I don't expect them to be security superstars," Beardsley said.
Chris Eng, vice president of research at Veracode, a security software maker, also agreed that toy companies don't have consistency when it comes to developing secure software, Reuters continued.
After this breach that left parents and their kids vulnerable, U.S. expressed their determination in digging deeper into the matter, as they believe that hackers will most likely target the same companies.
Various reports stated that the Vtech breach is the fourth largest data breach, alongside the recent Ashley Madison hack.