UK police arrest 21 year old man in VTech hacking probe

Police in the UK arrested a 21-year old man in Berkshire who may have been behind the VTech hack.

The South East Regional Organised Crime Unit (Serocu) said in a statement that the suspect has been held on suspicion of “unauthorised access” to a computer. Organized crime refers to large groups of criminals who work together on a large scale.

“We are still at the early stages of the investigation and there is still much work to be done,” said Craig Jones, head of the cyber crime unit at Serocu.

“Cybercrime is an issue which has no boundaries and affects people on a local, regional and global level.”

VTech, which sells electronic learning products, had its app store database hacked on November 14.

Servers which supported the Learning Lodge app were compromised and the hacker was able to gain access to the personal details (such as names, genders and birthdates) of over 5 million customers, including children.

Customers all over the world were affected by the data breach, including those in the US, UK, France and China.

According to Motherboard, the hacker said that the information was obtained by a SQL injection vulnerability. “It was pretty easy to dump, so someone with darker motives could easily get it,” the hacker said in an encrypted chat.

Microsoft developer and security specialist Troy Hunt said: “When it’s hundreds of thousands of children including their names, genders and birthdates, that’s off the charts,”

He added: “When it includes their parents as well – along with their home address – and you can link the two and emphatically say ‘Here is 9 year old Mary, I know where she lives and I have other personally identifiable information about her parents (including their password and security question)’, I start to run out of superlatives to even describe how bad that is.”

We are using cookies on our website

Please confirm, if you accept our tracking cookies. You can also decline the tracking, so you can continue to visit our website without any data sent to third party services.