Police in the United Kingdom arrested a 21-year-old man on Tuesday as part of the investigation into a massive hack against Hong Kong-based toymaker VTech.
VTech sells popular toys for very young children, including smartwatches and tablets. The November breach of several company databases exposed information about 5 million adults and more than 6 million children around the world, including names, genders and birth dates.
Tech site Motherboard reported that some pictures, chat logs between parents and their kids, and even audio recordings were also leaked, but the company has said it “cannot confirm” that information was reached by the hacker.
VTech’s systems were reportedly vulnerable to a well-known hacking technique. The alleged hacker told Motherboard he attacked the company and then went to the press to highlight its poor security practices.
The incident raised new questions about the digital security of toys at a time when big corporations are increasingly marketing dolls and other devices that connect to the Internet and collect data about children.
Earlier this month, researchers publicly disclosed security problems with Hello Barbie, a new doll that relies on artificial intelligence and an online connection to carry on conversations with children. ToyTalk, the company Hello Barbie’s voice features, worked with the researchers to help fix “many of the issues they raised” before they were revealed.
The name of the man arrested in connection to the VTech hack was not released, but he was taken into custody in the United Kingdom on suspicion of two charges related to a 1990 computer crime law, according to a police announcement.
“We are still at the early stages of the investigation, and there is still much work to be done,” Craig Jones, head of a police cybercrime unit, said in a statement. “Cybercrime is an issue which has no boundaries and affects people on a local, regional and global level.”