A Child Tracker Website, uKnowKids, Admits Data Breach

Child Tracker Website, uKnowKids, Admits Data Breach

  • By Sydny Shepard
  • Feb 25, 2016

A misconfigured database at uKnowKids, a child-tracker website, has exposed the data of 1,700 children, their person messages, social media profiles and images. More than 6.8 million private text messages, nearly 2 million images and more than 1,700 detailed child profiles were left exposed. These profiles include last names, email addresses, date of birth, GPS coordinates, social media credentials and more.  

The insecure MongoDM installation was online for seven weeks before a security researcher, Chris Vickery, discovered it and reported the issue to uKnowKids. The company responded promptly to tighten the security of its systems.

Steven Woda, chief executive of uKnowKids, admitted to the issue in an advisory to the customers while criticizing the motives of the researcher.

“The hacker claims to be a ‘white-hat’ hacker a ‘security researcher’ or ‘white hat hacker’ or ‘ethical hacker’ which means he tries to obtain unauthorized access into private systems for the benefit of the ‘public good,’” Woda said. “Although we do not approve of his methods because it unnecessarily puts customer data and intellectual property at risk, we appreciate his proactive, quick notification as it was helpful to our team.”

Woda explained that any data breach affecting the subscribers was a very serious issue and the company would not plan to minimize the breach. Woda is also at battle with Vickery who is reluctant to comply with uKnowKids and delete any extracted information he obtained from the database.

“I securely wiped it within 48 hours and notified uKnowKids of this fact,” Vickery said. “However, the few retained screenshots are completely redacted of all Personally Identifiable Information and are being kept for purposes of credibility and to keep uKnowKids (minimally) honest in their claims."

uKnowKids is now working with the FTC to help make their databases more secure.

About the Author

Sydny Shepard is the Executive Editor of Campus Security & Life Safety.

Featured

Most   Popular

New Products

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”