1,700 Child Profiles Exposed in Alleged uKnowKids Hack
Today, MacKeeper reported it was able to infiltrate the uKnowKids database to expose 6.8 million private text messages, nearly 2 million images and more than 1,700 child profiles, which included first and last names, email addresses, birth dates, GPS coordinates, social media credentials and more.
MacKeeper’s security researcher, Chris Vickery, claims on his blog that uKnowKids.com, a child activity tracker, has violated the Children’s Online Privacy Protection Act (COPPA) by not maintaining strong security safeguards.
COPPA, established by the Federal Trade Commission (FTC), has created rules for how companies must store kids’ personal information. One of the requirements is to “establish and maintain reasonable procedures to protect the confidentiality, security, and integrity of personal information collected from children.”
Vickery said the uKnowKids database did not meet this standard, was configured for full public access and required no “level of authentication or password,” and provided “no protection at all for this data.”
uKnowKids allows parents to monitor their kids’ activities on the Internet and social media networks. The company claims to make “parenting easier, and keeps kids safe online.”
Steve Woda, CEO of uKnowKids, posted a response on its website, saying it had patched the vulnerability, reconfigured all encryption keys to mitigate any previously breached data, and updated their internal security policy.