UK man arrested in VTech kids app hacking scandal

Police have arrested a 21-year-old UK man in relation to the VTech kid's app hacking scandal that compromised the accounts of up to 6.3 million users. The crime unit said he was being held on "suspicion of unauthorized access to computer[s] to facilitate the commission of an offense," but cautioned that the investigation was still in the early stages. The man was arrested in Berkshire, west of London, but his name wasn't released. As a reminder, the breach last month affected users of VTech's Learning Lodge app and Kids Connect chat program, and allowed the attackers to collect photos, chat logs and other private information.

VTech advised customers to change their passwords and password retrieval information immediately, and has temporarily suspended the Kid Connect app, from which the hacker got the photos. After investigating the breach, security expert Troy Hunt found a lack of encryption, the use of Flash and other fundamental security shortcomings. In describing the nature of the attack, he said "I start to run out of superlatives to even describe how bad it is ... what really disappoints me is the total lack of care shown by VTech in securing the data."

That snowballed into demands from US legislators that VTech provide an explanation as to how all this could have happened. Meanwhile, the individual behind the attack who originally contacted Motherboard (who may or may not be the person arrested) claimed he was just trying to warn parents of the problem. Whether the police see it that way is another thing.