Police arrested children’s hacker, a 21 year-old man who exposed the personal data of more than 6 million children. A breach in the security of VTech toy-maker exposed the data of 11.6 million people, among which 6.4 million under 18.
The hacker gained access to a database containing children’s personal information, such as names, birthdates and gender and their parent’s e-mail and IP addresses, password data, including security questions and download histories. About fifty percent of the compromised data belonged to users in North America.
According to Motherboard, the hacker leaked data of about 4.8 million users, including photos, call recordings and chat logs of hundreds of thousands of children. He has been able to download about 200 gigabytes of data.
The hacker claimed that he had no intention to make public any of the data but he sent about 3,832 images and an audio recording to Motherboard for purposes of verification. He says that he didn’t even had the intention to hack any data base and he had no idea what he was going to find on the servers.
According to the unidentified hacker, he randomly came over some information on a forum used by people who like to hack VTech’s Innotab tablet just for fun, for things like paying old games such as Doom. On that forum he found information about a webservice used by VTech to manage their products so he got curios and got on their website. There, he noticed that the site was using Flash and was vulnerable to SQL injection – an old-fashion hacking technique.
It wasn’t hard for the hacker to get all the administrative privileges on the server so he started to look around and see what he might find. It wasn’t until he found the enormous databases with millions of personal data when he realized how serious it was what he was doing.
The hacker was arrested today in Bracknell near London under the Computer Misuse Act. He was detained under the offences of unauthorized access to a computer and of unauthorized access to data.
VTech is also considered guilty with carelessness for how it handled data of millions of persons. It is not yet very clear why VTech has stored that kind of data on its servers.
Image source: freeimages.com