The US is investigating the theft of data from toy manufacturer Vtech which saw hackers gaining access to customer details and pictures of children who used its internet-connected devices.
Data was stolen from the company’s ‘Learning Lodge’ app, a gateway for customers to download games, e-books and other content on to their Vtech devices.
It is thought that approximately five million customers were affected worldwide including those from the UK, US, France and China.
Vtech also makes numerous technology products that are designed for children which have cameras, such as tablets and smartwatches.
As well as the customer details, the hackers reportedly stole photos and chat logs from VTech's Kid Connect service which allows adults to chat with their children using a VTech tablet.
The attorney-generals of Connecticut and Illinois in the US have said they would probe the breaches, though their representatives declined to comment on the focus of their inquiries.
The technology website Motherboard said it was contacted by the hacker who said that they had no plans to publish or sell the data.
”Frankly, it makes me sick that I was able to get all this stuff,” the hacker told the site. ”VTech should have the book thrown at them.”
The hacker said they were able to access 190GB worth of data and tens of thousands of parents and children headshot photos. They shared a sample of 3,832 image files with Motherboard to verify they had actually accessed the data.
Vtech has confirmed the reports and said that the names, email addresses, encrypted passwords, IP and mailing addresses were stolen in the attack. However, it noted that no credit card information was lost.
"You have all these devices and services that are connecting to the Internet by companies that don’t have the experience that older software companies do in securing their data," said Katie Moussouris, chief policy officer with cyber security firm HackerOne.
Last week, the Guardian reported that the latest figurine in the long-running range of Barbie dolls called ‘Hello Barbie’ could easily be hijacked to allow hackers to spy on children.
The new doll from toy company Mattel is capable of listening to a child and responding via voice, in a similar way to Apple’s Siri, Google Now and Microsoft’s Cortana.
It connects to the internet via Wi-Fi and has a microphone to record children, but security flaws in the device could allow hackers to listen in.