Emerging Threats

Up to 5 million VTech user accounts of parents and children may have been compromised in data breach

Authored by a Symantec employee


​This week, VTech, a global company that manufactures Internet connected learning products for young children announced that they have been involved in a massive data breach. The company’s learning devices, such as a smartwatch and smartphone, allow kids to take and send photos, send text and voice messages and download apps via VTech’s Learning Lodge.

The data breach occurred via the Learning Lodge website, where users sign up for an account and can download apps, e-books, educational content and more for their Internet connected devices. The company states that the

cybercriminals compromised 4,854,209 customer (parent) accounts and 6,368,509 related child profiles worldwide. The compromised database contains full names, email addresses, passwords, and answers to the password retrieval questions. Luckily, the compromised database does not contain financial information such as credit card numbers, social security numbers or license numbers. Child profiles are unlike adult profiles and only include name, gender and birthdate. In addition to the personally identifiable information that was compromised, so were personal photos, chats and voice memos of children and their parents.

What Can I Do?

While data breaches aren’t easily preventable on the consumer side, there are a few actions you can take in the wake of a data breach in order to help keep yourself protected. If you feel that you have been impacted in this data breach, here are a few steps you can take to help mitigate any further damage:

  • Passwords are oftentimes difficult to remember, so users may use the same password across multiple sites. If you do this practice, change your passwords on any sites that use the same email, secret question and answer, and password combination immediately. Be sure that each password is unique to each site. Once hackers have obtained email addresses and passwords, they will try to use them on other websites in order to gain access to unrelated accounts, such as financial services. If passwords are a bit tricky to manage, Norton can help. You can learn more about safe passwords and password managers.
  • If you haven’t yet, visit the company’s website to view the press release on the breach. Additionally, they have a FAQ page for people affected by the breach. If they mention any actions to take, be sure to do so.
  • If you're unsure if you have been affected by this breach, or any other data breach, you can check out haveibeenpwned.com, which allows you to search for usernames and emails that have been exposed in a data breach.

For now, the company has shut down their Learning Lodge website and any other

websites affected by this breach as part of their ongoing investigation.

This data breach shows that hackers are interested in personal information of children too. If your kids are playing online games, and living in 2015, Norton Family has features that can help protect their personal information, and help you supervise their online activities.

Symantec Corporation, the world’s leading cyber security company, allows organizations, governments, and people to secure their most important data wherever it lives. More than 50 million people and families rely on Symantec’s Norton and LifeLock comprehensive digital safety platform to help protect their personal information, devices, home networks, and identities.

Copyright © 2019 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark Logo, Norton, Norton by Symantec, LifeLock, and the LockMan Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Google Chrome and Android are trademarks of Google, LLC. Mac, iPhone and iPad are trademarks of Apple Inc. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. The Android robot is reproduced and/or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other company names and product names are registered trademarks or trademarks of each company.