Hong Kong based toy maker, VTech had regretfully announced last month that its Learning Lodge app store database was breached. The cyber attack led to the exposure of data belonging to approximately 11.6 million people. 6.4 million of these were minors. There were more questions than answers related to the attack and VTech’s security was questioned by the millions of people whose accounts were compromised.
UK police said they arrested a 21 year old man who could be linked to November’s cyber attack on VTech. The unnamed man was apprehended by the police at Bracknell which is around 30 miles from London. The man was held on suspicion of two offenses under the Computer Misuse Act of 1990. It is said that the police also seized electronic devices which will be examined by the cyber-crime forensics unit.
VTech manufactures electronic toys as well as tablet computers for children and apps can be downloaded on these toys from the company’s Learning Lodge app store. These app store accounts were targeted by the hacker. In addition to this, the Kid Connect messaging system was also breached and the hacker obtained chats that were stored in the system.
It is being stipulated that stolen information included the name, gender and date of birth of the children, while it included mailing address, e-mail address, security questions for password retrieval, IP addresses and passwords of the parents.
Confidential information like this can be used to infiltrate a lot of other details linked to the parents. The majority of accounts belonged to people in North America, France, UK and Germany.
The site was hacked because of its vulnerability to an old, but effective, hacking technique which is known as SQL injection. The hacker has obtained the highest level of administrative privileges on the server and then he had the ability to obtain almost all the information from the server easily. There is little doubt to the fact that VTech displayed carelessness in handling its clients’ accounts.
What is now awaited is the penalty that will be sought by prosecutors if the man is found guilty.