FYI.

This story is over 5 years old.

Tech

British Cops Arrested a Man They Suspect of Hacking VTech

British police have tracked down a suspect in their investigation of the data breach on the toymaker.
Image: AP Photo/Mark Lennihan, File

Police officers have arrested a 21-year-old man suspected of hacking Chinese toymaker VTech, and exposing the personal information of millions of parents and kids.

A regional unit of the UK National Crime Agency—the equivalent of the FBI—arrested an unnamed man Tuesday morning in Bracknell, a town 30 miles west of London, according to a statement. The man is suspected of "causing a computer to perform function to secure/enable unauthorised access to a program/data" and "unauthorised access to computer to facilitate the commission of an offence," which are crimes according to section one and two, respectively, of the UK's anti-hacking law the Computer Misuse Act.

Advertisement

The police did not release any other details about the arrest. A police spokesperson declined to comment.

"I am afraid there is no more information available at this time," Lucy Billen, a spokesperson with the Thames Valley Police, told Motherboard in an email.

It is not clear if the man who was arrested is the same person who first informed Motherboard of the hack, and we have been unable to reach our initial source for comment.

In early November, an anonymous hacker broke into to the servers of VTech, a Chinese company that sells various internet-connected gadgets for kids. The hacker claimed he was easily able to access the personal data of millions of parents—including names, emails and passwords—and hundreds of thousands of kids.

He even found pictures of children taken with the toys, and chat logs exchanged between parents and their children.

The company was unaware that a breach had occurred until contacted by Motherboard. After an initial disclosure that downplayed the damage, VTech revealed that the hacker accessed data belonging to 4.8 million parents, and 6.3 million children.

The hacker, however, did not release any of the information online,. He explained to Motherboard that his intention was to expose VTech's poor security, and highlight the fact that the company had left the data exposed online.

"I just want issues made aware of and fixed."

"Profiting from [database] dumps is not something I do. Especially not if children are involved!" he told me in early December. "I just want issues made aware of and fixed."

According to security expert Troy Hunt, who did a cursory review of VTech's websites and online services, and helped Motherboard analyze the stolen data, the company was "negligent" and failed at protecting its data.

"The bottom line is that you don't even need a data breach," Hunt told Motherboard at the time.

At this point, it's unclear if the authorities will take his intentions into consideration.