A Child Tracker Website, uKnowKids, Admits Data Breach

Child Tracker Website, uKnowKids, Admits Data Breach

  • By Sydny Shepard
  • Feb 25, 2016

A misconfigured database at uKnowKids, a child-tracker website, has exposed the data of 1,700 children, their person messages, social media profiles and images. More than 6.8 million private text messages, nearly 2 million images and more than 1,700 detailed child profiles were left exposed. These profiles include last names, email addresses, date of birth, GPS coordinates, social media credentials and more.  

The insecure MongoDM installation was online for seven weeks before a security researcher, Chris Vickery, discovered it and reported the issue to uKnowKids. The company responded promptly to tighten the security of its systems.

Steven Woda, chief executive of uKnowKids, admitted to the issue in an advisory to the customers while criticizing the motives of the researcher.

“The hacker claims to be a ‘white-hat’ hacker a ‘security researcher’ or ‘white hat hacker’ or ‘ethical hacker’ which means he tries to obtain unauthorized access into private systems for the benefit of the ‘public good,’” Woda said. “Although we do not approve of his methods because it unnecessarily puts customer data and intellectual property at risk, we appreciate his proactive, quick notification as it was helpful to our team.”

Woda explained that any data breach affecting the subscribers was a very serious issue and the company would not plan to minimize the breach. Woda is also at battle with Vickery who is reluctant to comply with uKnowKids and delete any extracted information he obtained from the database.

“I securely wiped it within 48 hours and notified uKnowKids of this fact,” Vickery said. “However, the few retained screenshots are completely redacted of all Personally Identifiable Information and are being kept for purposes of credibility and to keep uKnowKids (minimally) honest in their claims."

uKnowKids is now working with the FTC to help make their databases more secure.

About the Author

Sydny Shepard is the Executive Editor of Campus Security & Life Safety.

Featured

Most   Popular

New Products

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.