VTech, the Hong Kong toymaker sitting at the centre of a massive public cyber attack, has revealed more details about the hack that hit its database earlier this month.
Initial reports from the toymaker put the number of exposed accounts at 4.8m, with 200,000 details of children potentially at risk. However, this number has now soared with 6,368,509 children’s accounts affected.
VTech has admitted that 16 countries have been affected – though a shadow of doubt is cast over this number as the toy maker has listed Latin America as a single country.
The USA is the country hit hardest by the hack, with 2,894,091 children’s accounts breached, while France follows closely behind with 1,173,497 children’s accounts breached.
Children in the UK have also been hit hard, with 727,155 accounts included in the attack.
The toymaker failed to discover the November 14 breach, only acting 10 days later after being contacted by a journalist. Customers were only informed of the hack 13 days later on November 27.
The only saving grace of the cyber attack is that it appears no credit card information or personal identification data was included in the hacked data.
However, kids profiles including names, gender and birthdays, as well as profile pictures and messages, were in the breached data.
Ross Brewer, VP and managing director at LogRhythm, said: "If jeopardising the security of parents and children’s personal data wasn’t enough, it’s now been revealed that VTech potentially left thousands of photos, as well as archived chat logs, on insecure servers.
"In an adult world, this would be the equivalent of a hacker accessing and stealing your photos and conversations from Facebook."
In recent analysis by CBR, the dangers of such data being in the hands of hackers was highlighted, with children’s information potentially being used for identity theft and grooming. Click here to read the full analysis.