If you’re a customer of the Vtech Learning Lodge website, a site that allows you to download kid friendly videos, games, apps and e-books via your computer or Vtech tablet, then you may be needing an urgent password change soon.
The Vtech Learning Lodge is one of the most popular websites when it comes to finding child-suitable downloadable goodies, and hackers have managed to breach the sites security and get their hands on a large amount of customer information, in what is being described as one of the largest privacy breaches to strike the Internet.
According to the latest reports, around 5 million Vtech customers have been affected, including from the UK and US, and that gives the popular toy company the dubious honour of being victims to the 4th largest online consumer data breach ever, according to industry commentators HaveIBeenPwned.com.
The toy company have been quick to reassure their customers that no banking information has been compromised, but this is where the good news stops, it would seem.
What has been stolen is personal customer information, including names of parents, names of children, email addresses, encrypted passwords, mailing addresses and download history.
So, basically an identity thieves treasure chest. And all the more frightening because it is the details of children that have been exposed as well.
It isn’t clear if Vtech have actually managed to contact all of the affected customers, though they claim that they have “reached out” to anyone who was potentially compromised, and given that the breach occurred on November 14th – and Vtech only found out about it on November 27th – this isn’t doing much to repair their damaged reputation.
So what to do next if you’re a Vtech Learning Lodge customer?
First, check if you have any legitimate emails from Vtech waiting for you via the email address you signed up with on the Learning Lodge website. These emails may tell you if Vtech think your data was compromised.
If you have an account on the Learning Lodge, then keeping your eyes peeled for suspicious behaviour is vital, as there may be cyber-criminals out there with your personal information. In particular, be wary of suspicious emails coming into your inbox containing information that was exposed in the customer breach that we outlined above.
Also be wary of emails that appear to come from Vtech and ensure that if they contain links, that they lead to the real Vtech website and not a spoof website that could be used to phish more sensitive information about you.
Remember, identity thieves are more likely to fool their victims when they can demonstrate that they know their personal information, giving their scams a more personal touch. You may be able to see if you were affected on the HaveIBeenPwned website by entering your username or email address you used with Vtech.
Will we be seeing more attacks like this?
The incident highlights a problem with Internet security that isn’t going to go away any time soon, and that is that an increasing number of companies are being trusted with our most personal information, and these companies are not going to all be on the same page in terms of Internet security, with many of them relatively new to the cyber-age and the security concerns that go with it.
Vtech is a toy company, not a veteran, high-tech security company, and it appears the ease of which hackers were able to extract personal information from the Learning Lodge website demonstrates that the company did not utilise modern security procedures.
Many have suggested more punitive action for companies that fail to protect their users privacy including hefty fines.
If you need to contact Vtech, they have published a list of emails below that will depend on where you’re living. At the time of writing, the Learning Lodge website is unavailable.
Australia and New Zealand: firstname.lastname@example.org
Hong Kong: email@example.com
Other countries and regions: firstname.lastname@example.org