The breach -- originally confirmed on Friday -- impacted VTech's Learning Lodge app store database, which features learning games and other educational tools for children.
The database was hacked on November 14 -- a full 10 days before VTech took notice. The attack has since prompted an investigation by the Hong Kong-based company and the decision to temporarily cease trading on the stock exchange.
VTech also said Monday it will shut its app store temporarily and suspend 13 of its associated websites as a precautionary measure.
Motherboard, which first reported the incident, had estimated the number of breached accounts at 4.8 million.
VTech has said repeatedly that its customer database does not include credit card information, Social Security numbers or driving license numbers.
However, the toymaker has come across as surprisingly aloof when addressing the severity of the breach and the fact that it compromised the data of children.
VTech admits the affected customer database includes profile information including name, gender, birthdate, email address, password, secret question and answer for password retrieval, IP address, mailing address and download history.