UK Man Arrested Over VTech Data Hack That Exposed Kids' Info


A young man was recently apprehended by the police in Bracknell, near London, following a cyberattack on the children's electronic toymaker VTech Holdings Ltd.

Representatives of the South East Regional Organised Crime Unit (SEROCU) declared that the reason for the arrest was suspicion of "unauthorized access to a computer to facilitate the commission of an offense."

The Tuesday arrest of the 21-year-old man is part of an inquiry which investigates the hacking of the electronic toymaker VTech Holdings Ltd's database, according to the police.

Authorities took in custody a few electronic devices that belonged to the man. The Cyber Crime eForensics Unit from SEROCU will check the devices to see if they were indeed used in the VTech hack.

"We are still at the early stages of the investigation and there is still much work to be done," head of the Cyber Crime Unit at SEROCU, Craig Jones, said.

The attack happened in November and compromised nearly 6.4 million profiles of children and around 4.9 million of their parents' accounts. The Hong Kong-based manufacturer of electronic toys for children reported the numbers soon after the incident happened.

The company pointed out that hackers gained access to the confidential info through VTech's Learning Lodge database, a section of the website where users can download games, e-books and apps.

VTech stated that no credit card info got stolen, but confirmed that the profiles offered the perpetrators detailed personal information, such as the names, genders and birth dates of children.

"Cyber criminality is affecting more and more business around the world and we continue to work with our partners to thoroughly investigate, often very complex cases," Jones underlined.

Earlier this month, Motherboard got an exclusive interview with an anonymous hacker, who declared that the VTech's webpage was poorly secured against cyberthreats and especially vulnerable to the primitive and efficient hacking method called SQL injection.

The hacker made clear that his intention was to simply expose the security weaknesses of the website.

"I just want issues made aware of and fixed," he noted.

According to Motherboard, hackers also had access to the images and chat history of children. In retort, VTech mentioned that it uses encryption for the images that it hosts on its servers, and that the truth behind Motherboard's claims cannot be confirmed.

Whether the recently arrested suspect and the hacker who spoke to Motherboard about VTech's security flaws are the same person is still unknown.

ⓒ 2018 All rights reserved. Do not reproduce without permission.
Real Time Analytics