Police in the United Kingdom announced on Tuesday that a 21-year-old man has been arrested on suspicion of being involved in the recent hacker attack aimed at Chinese educational toymaker VTech.
According to the South East Regional Organised Crime Unit (SEROCU), the unnamed suspect is from Bracknell, a town in Berkshire, England. He has been identified as part of an investigation conducted by SEROCU’s Cyber Crime Unit in collaboration with partner agencies.
The man was arrested on Tuesday morning on suspicion of unauthorized access to a computer to facilitate the commission of an offence, and causing a computer to perform function to secure or enable unauthorized access to a program or data. These offences are covered in section 2, respectively section 1, of the UK’s Computer Misuse Act of 1990.
“We are still at the early stages of the investigation and there is still much work to be done. We will continue to work closely with our partners to identify those who commit offences and hold them to account,” said Craig Jones, Head of the Cyber Crime Unit at SEROCU. “We are pursuing cyber criminals using the latest technology and working with businesses and academia to further develop specialist investigative capabilities to protect and reduce the risk to the public.”
According to VTech, the hacker gained access to the personal details of users who registered an account for the company’s Learning Lodge, Kid Connect and PlanetVTech services. From Learning Lodge, the attacker obtained the details of more than 4.8 million customer (parent) accounts and over 6.3 million kids profiles, including 1.2 million who used the Kid Connect app. From the PlanetVTech databases, the hacker accessed 235,000 parent accounts and 227,000 kids profiles.
Kids profiles include names, genders and dates of birth, while parent accounts include names, email addresses, secret questions and answers, IP addresses, passwords, mailing addresses and download history. Information provided for the Kid Connect service includes email addresses, passwords and profile photos.
The hacker also provided proof that he obtained audio files, chats and kids’ profile photos, but VTech still hasn’t been able to confirm this. The affected services have been taken offline and VTech has hired FireEye-owned Mandiant to assist in the investigation and review the company’s data protection procedures.
Most of the affected users are from the United States (2.2 million), followed by France (868,000), the UK (560,000), Germany (390,000) and Canada (237,000).
Shortly after the breach came to light, the hacker told Vice’s Motherboard that he targeted VTech to expose the company’s inadequate security practices and raise awareness of the flaws in an effort to get them fixed. He claimed he never intended to sell the stolen data for profit.