21-Year-Old British Man Arrested In Connection With VTech Hack

Ewan Palmer writes: A man has been arrested in connection with the alleged hacking of electronic toy manufacturer VTech which affected millions worldwide. The 21-year-old was arrested in Berkshire, South East England, on suspicion of unauthorized access to computers to facilitate the commission of an offence and suspicion of causing a computer to perform function to secure/enable unauthorized access to a program/data following the data breach in November. From the BBC's coverage of the arrest: In the attack, servers used to support VTech's Learning Lodge app were compromised. ... The Learning Lodge database logged names, email addresses, encrypted passwords, IP (internet protocol) numbers and other personal data. Some of the information was about children including names, dates of birth and gender. No credit card data was stored in the compromised database. Details on customers from all over world, including the US, UK, France and China, were taken. Some of the data is believed to have been posted briefly online before being removed. When details about the extent of the data loss became known security expert Troy Hunt said he had "run out of superlatives to even describe how bad" it was.

Ohmygod! The world is falling apart!

Am I alone in this uneasy feeling about so-called security pundits putting their breathlessness on display over some stupid, embarrasing and perhaps sometimes obnoxious hoaxes -- but far from "tragic", "catastrophic" or whatever superlatives?

C'mon. Tragic is that there are still people starving out there. Catastrophic is what's going on in Syria at the moment while the "developed countries" is quabbling in their disgusting powerplay over whatever.

But some compromised servers? Cool down, folks.

... about children ...

[future+assassin]

that right there requires a full scale assault on the perpetrators and 100 years of jail time. Think of the children, said the person who required the kids names be in the db and the parents who wilfully gave that info out to access a toy.

Re:Hope the bastard gets a nice long stretch

[dotancohen]

I dread to think what could happen to some of the information about those kids and who might use it to target youngsters if he's sold it. VTech have been criminally negligent here too so one would hope some heads role, but this little turd really deserves the book thrown at him.

My daughter just this week received a VTech tablet as a gift. We could not connect it to the network due to this hack, and it took me a few minutes to put one and one together to realize that _this_toy_ was the one whose network was hacked. Of course, I had just warned her a few minutes beforehand about entering personal information into the device.

As a parent of a child with this tablet, I am _happy_ that this guy broke in. The VTech company is completely negligent, and I'm furious that they would not encrypt the communications and have such egregious flaws. I'm a software developer and I know that all software has bugs, but this isn't a bug. This was a choice by VTech to use unencrypted communications and to not use best practices in their DB communications (prepared queries). If this Brit hadn't broken in, somebody with worse intentions would have.

I don't personally verify that my bank has good locks, and I don't personally verify that my health care provider's employees have each received proper certification. I have to trust many entities in my life, VTech was one, but when the bank doesn't even bother to lock the safe, or the health care provider slaps a Dr badge on anybody with a white coat, then we have justified reason to be angry not with those who opened the safe but rather with those who left it unguarded.