VTech Holdings, a digital toy maker, reported a cyberattack that exposed the information of approximately 4.8 million adults and more than 200,000 children, according to Motherboard.
Hackers accessed names, email addresses, passwords and home addresses of parents who have purchased products from the Hong Kong-based company, as well as first names, genders and birth dates of children, according to the report.
VTech makes digital toys and electronic learning tools.
The hacker claiming responsibility for the breach told Motherboard he or she had no plans to do anything with the data. A VTech spokeswoman told Motherboard the company was unaware of the breach until the Motherboard journalist reached out to them for a comment.
VTech then issued a news release announcing the breach.
The hacker told Motherboard he or she used SQL injection to gain access to the company's database, "an ancient, yet extremely effective, method of attack," according to Motherboard. In this type of attack, a hacker inserts malicious commands into a website's forms to trick the site into returning data.
While the hacker indicated no plans to do anything with the data, he or she did tell Motherboard that somebody else may have gotten to it first. "It was pretty easy to dump, so someone with darker motives could easily get it," the hacker told Motherboard in an encrypted chat.
According to a Reuters report, experts warn of additional breaches through digital toys and other web-based devices.
"You have all these devices and services that are connecting to the Internet by companies that don't have the experience that older software companies do in securing their data," Katie Moussouris, chief policy officer with HackerOne, told Reuters.