Dive Brief:
- Earlier this month, a white hat hacker discovered a vulnerability in a database belonging to uKnowKids, a firm that allows parents to track their kid's online activity.
- The researcher, Chris Vickery, said there were no password protection in place on the site, exposing millions of text messages, pictures and 1,700 "detailed child profiles” belonging to uKnowKids' customers.
- The site had reportedly been exposed for nearly 50 days, according to a report from the International Business Times.
Dive Insight:
Vickery quickly reported the incident to the company, which in turn patched the vulnerability within 90 minutes. He later commented on the firm's weak security practices in a blog post, explaining how one of their databases configured for public access.
uKnowKids offers services that include tracking children's social media accounts and text message activity and includes a notification and alert system to tell parents when their child is in a potentially risky situation, according to uKnowKids website.
The company said no financial information or unencrypted password credentials were at risk, however names, communications and URL data were exposed. The database stores the sensitive information of children, and contained nearly 6.8 million text messages and 1.8 million images.
The CEO of uKnowKids, Steve Woda, later publicly slammed Vickery for his methods. Vickery said he found the firm's response “unusual,” stating that most companies appreciate his efforts at pointing out vulnerabilities before they are hit by a hacker with negative intentions.