1,700 Child Profiles Exposed in Alleged uKnowKids Hack

February 23, 2016, Written By Bill Hardekopf
uknowkids

Today, MacKeeper reported it was able to infiltrate the uKnowKids database to expose 6.8 million private text messages, nearly 2 million images and more than 1,700 child profiles, which included first and last names, email addresses, birth dates, GPS coordinates, social media credentials and more.

MacKeeper’s security researcher, Chris Vickery, claims on his blog that uKnowKids.com, a child activity tracker, has violated the Children’s Online Privacy Protection Act (COPPA) by not maintaining strong security safeguards.

COPPA, established by the Federal Trade Commission (FTC), has created rules for how companies must store kids’ personal information. One of the requirements is to “establish and maintain reasonable procedures to protect the confidentiality, security, and integrity of personal information collected from children.”

Vickery said the uKnowKids database did not meet this standard, was configured for full public access and required no “level of authentication or password,” and provided “no protection at all for this data.”

uKnowKids allows parents to monitor their kids’ activities on the Internet and social media networks. The company claims to make “parenting easier, and keeps kids safe online.”

Steve Woda, CEO of uKnowKids, posted a response on its website, saying it had patched the vulnerability, reconfigured all encryption keys to mitigate any previously breached data, and updated their internal security policy.

This breach comes after the December VTech and Hello Kitty hacks, and has called into question whether companies are doing enough to protect children’s personal information.



The information contained within this article was accurate as of February 23, 2016. For up-to-date
information on any of the terms, cards or offers mentioned above, visit the issuer's website.