According to the tech news site Motherboard.vice.com, the VTech hacker, who wishes to remain anonymous, hacked the toy company to expose the problems with security and force them to fix the problem.
He was in a forum of hackers who like to tinker with the Innotab “just for the lulz”. For instance, the hackers were able to install the 1990’s game Doom onto the device and play it. In the forum, one hacker discussed a web service that VTech uses to manage their products. That got him thinking.
He found the VTech management website called planetvtech.com and was able to use old hacking technology (SQL Injection) and quickly gained administrative privileges to do whatever he wanted. Digging a little further, he came across pictures, addresses and a slew of other information on the users of the devices.
“When I got the [database] dumps, I realized how serious it was,” he told Motherboard in an encrypted chat.
From there he went straight to the reporters at Motherboard, because he feared that if he went to VTech, they would try to cover up the issue. The hacker never wanted to sell the information for profit. He considers it “morally wrong”.
“Profiting from [database] dumps is not something I do. Especially not if children are involved!“ he said. “I just want issues made aware of and fixed.”
VTech admitted to the hack last Friday, and news quickly spread to major new stations around the world. The hacker still believes there is a lot of vulnerability to be found, and he plans on trying to find more issues once VTech is back online. And if not there he might move to a new target, “maybe into VTech’s competitors; I don’t know.”