Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Compare cell phone plans using Wirefly's innovative plan comparison tool ×
United Kingdom Crime Security Your Rights Online

21-Year-Old British Man Arrested In Connection With VTech Hack (ibtimes.co.uk) 53

Ewan Palmer writes: A man has been arrested in connection with the alleged hacking of electronic toy manufacturer VTech which affected millions worldwide. The 21-year-old was arrested in Berkshire, South East England, on suspicion of unauthorized access to computers to facilitate the commission of an offence and suspicion of causing a computer to perform function to secure/enable unauthorized access to a program/data following the data breach in November. From the BBC's coverage of the arrest: In the attack, servers used to support VTech's Learning Lodge app were compromised. ... The Learning Lodge database logged names, email addresses, encrypted passwords, IP (internet protocol) numbers and other personal data. Some of the information was about children including names, dates of birth and gender. No credit card data was stored in the compromised database. Details on customers from all over world, including the US, UK, France and China, were taken. Some of the data is believed to have been posted briefly online before being removed. When details about the extent of the data loss became known security expert Troy Hunt said he had "run out of superlatives to even describe how bad" it was.
This discussion has been archived. No new comments can be posted.

21-Year-Old British Man Arrested In Connection With VTech Hack

Comments Filter:
  • I dread to think what could happen to some of the information about those kids and who might use it to target youngsters if he's sold it. VTech have been criminally negligent here too so one would hope some heads role, but this little turd really deserves the book thrown at him.

    • The article doesn't really go into what the intent was.

      I don't think that the book should be thrown at somebody for exposing criminally negligent security practices.

      If anything, VTech should be happy the guy was apparently novice enough to leave a clear trail which exposed their security weaknesses.

      • by Anonymous Coward

        so if I go to your house and smash your window, you wont press charges because I am just exposing your security weaknesses?

        • I am not saying VTech shouldn't be annoyed with him and even sue him for damages.

          But I don't condone "throwing the book" at him... as in "lock him away and throw away the key"

          In your analogy, I would certainly pursue damages from you, but I would also learn from the incident and perhaps move away or install a better security system.

      • by sycodon ( 149926 )

        I guess you didn't see the post directly above yours.

        Unbelievable.

        • by Anonymous Coward

          Calm down buddy. The "compromised" information is all freely available with services such as intelius anyway. This honestly isn't a big deal....

        • What? The "Reeeeesearcher" post?

          What is that supposed to mean? Is he a researcher? It doesn't state that in TFA.

      • I don't think that the book should be thrown at somebody for exposing criminally negligent security practices.

        You would not need to release the information you obtained on to the internet to demonstrate this.

    • At least this is one of the few hacks we've seen where the passwords were encrypted... So, not as negligent as say, Sony.
    • by Lumpy ( 12016 )

      The rich never pay for their crimes.

    • by dotancohen ( 1015143 ) on Tuesday December 15, 2015 @12:44PM (#51122447) Homepage

      I dread to think what could happen to some of the information about those kids and who might use it to target youngsters if he's sold it. VTech have been criminally negligent here too so one would hope some heads role, but this little turd really deserves the book thrown at him.

      My daughter just this week received a VTech tablet as a gift. We could not connect it to the network due to this hack, and it took me a few minutes to put one and one together to realize that _this_toy_ was the one whose network was hacked. Of course, I had just warned her a few minutes beforehand about entering personal information into the device.

      As a parent of a child with this tablet, I am _happy_ that this guy broke in. The VTech company is completely negligent, and I'm furious that they would not encrypt the communications and have such egregious flaws. I'm a software developer and I know that all software has bugs, but this isn't a bug. This was a choice by VTech to use unencrypted communications and to not use best practices in their DB communications (prepared queries). If this Brit hadn't broken in, somebody with worse intentions would have.

      I don't personally verify that my bank has good locks, and I don't personally verify that my health care provider's employees have each received proper certification. I have to trust many entities in my life, VTech was one, but when the bank doesn't even bother to lock the safe, or the health care provider slaps a Dr badge on anybody with a white coat, then we have justified reason to be angry not with those who opened the safe but rather with those who left it unguarded.

    • by GuB-42 ( 2483988 )

      I dread to think what could happen to some of the information about those kids and who might use it to target youngsters if he's sold it.

      Like what? Targeted advertising?
      If you are thinking about things like child rape, I don't know what a criminal could do with this data that he couldn't do much more effectively by logging into Facebook or just hanging around your local school. Some retarded parents just love to put all details about their kids life online, which has the effect of boring to death everyone except people you absolutely don't want to be interested.
      Anyways, child abuse online is a vastly overblown problem, used by governments to

  • by Anonymous Coward on Tuesday December 15, 2015 @10:45AM (#51121513)

    Am I alone in this uneasy feeling about so-called security pundits putting their breathlessness on display over some stupid, embarrasing and perhaps sometimes obnoxious hoaxes -- but far from "tragic", "catastrophic" or whatever superlatives?

    C'mon. Tragic is that there are still people starving out there. Catastrophic is what's going on in Syria at the moment while the "developed countries" is quabbling in their disgusting powerplay over whatever.

    But some compromised servers? Cool down, folks.

    • Well said, my friend.

    • Well, that's modern journalism for you. They are more interested in promoting a viewpoint and reciting a narrative than reporting the facts. Just watch some old BBC from 70s/80s on youtube...it's just a clipped glass accent telling you what happened, when, and to whom. A far cry from today.
  • by Anonymous Coward

    He'll rat out on all of his "anonymous" accomplices. Those cowardly nerds always do.

  • When details about the extent of the data loss became known security expert Troy Hunt said he had "run out of superlatives to even describe how bad" it was.

    He should have invented a new word, such as badest.

    "The breach was the badest I've ever seen."

    • When details about the extent of the data loss became known security expert Troy Hunt said he had "run out of superlatives to even describe how bad" it was. He should have invented a new word, such as badest. "The breach was the badest I've ever seen."

      "The breach was the 9/11est I've ever seen. It was like 9/11 times one million."

  • by CimmerianX ( 2478270 ) on Tuesday December 15, 2015 @12:02PM (#51122103)

    ... embarrassing a large corporation by showing how easy it was to bypass security and releasing the proof to the media.

    We can't have large corporations' money flows placed at risk now.....

  • by future assassin ( 639396 ) on Tuesday December 15, 2015 @12:05PM (#51122139) Homepage

    that right there requires a full scale assault on the perpetrators and 100 years of jail time. Think of the children, said the person who required the kids names be in the db and the parents who wilfully gave that info out to access a toy.

The rich get rich, and the poor get poorer. The haves get more, the have-nots die.

Working...