UKnowKids turns against researcher who found 1,700 children’s data was at risk

Child-focused security firm embroiled in row with security expert over insecure database

Open padlock key

Child-tracking app has accused a security researcher of "hacking" its systems after he warned it that its data was at risk.

Researcher Chris Vickery found that one of's databases was misconfigured on Monday, exposing 1,700 children's detailed profiles, including email addresses, full names, dates of birth and even GPS co-ordinates for nearly 50 days.

The at-risk data also included 6.8 million personal messages and nearly two million images, many of which were of children.

This data was stored on a MongoDB database configured for public access, and Vickery claimed he did not even need a password to access it.

Advertisement - Article continues below

"I don't know about you, but I would consider it not a 'reasonable procedure' to give the public open, unfettered access to a database containing detailed child information," the Kromtech security researcher wrote on MacKeeper.

Steve Woda, CEO of the child safety app company, acknowledged the problem in a blog, and said his technology team patched the vulnerability 90 minutes after Vickery notified him.

He added that the leak affected just 0.5 per cent of the children uKnowKids is charged with protecting.

But he also questioned Vickery's intentions, and wrote: "The hacker claims to be a white-hat' hacker which means he tries to obtain unauthorised access into private systems for the benefit of the public good'.

"We are doing our best to fully identify Mr. Vickery in order to validate his stated benign' intentions."

Woda wrote that Vickery notified uKnowKids of the data leak 12 minutes after downloading the database, having taken screenshots of business data and customer data.

The firm demanded that Vickery delete the downloads, which he did, but he has kept a number of screenshots, which he claimed to have redacted.

Speaking to CSOOnline, Vickery said he was holding onto the screenshots to ensure uKnowKids remains "(minimally) honest in their claims".

He said that Woda expressed fears in an email conversation with him that revealing the database insecurity could put uKnowKids out of business.

Woda's firm has reconfigured all encryption keys and data schemas to fend off cyber criminals, and has hired two security firms to help expose any other vulnerabilities in its systems. It also reported the breach to the Federal Trade Commission.

Featured Resources

The essential guide to cloud-based backup and disaster recovery

Support business continuity by building a holistic emergency plan

Download now

Trends in modern data protection

A comprehensive view of the data protection landscape

Download now

How do vulnerabilities get into software?

90% of security incidents result from exploits against defects in software

Download now

Delivering the future of work - now

The CIO’s guide to building the unified digital workspace for today’s hybrid and multi-cloud strategies.

Download now



How to protect against a DDoS attack

25 Oct 2019
data breaches

Ex-Equifax CIO to serve four months for insider trading

2 Jul 2019
data breaches

Ex-Equifax CIO to serve four months for insider trading

2 Jul 2019
data breaches

Ex-Equifax CIO to serve four months for insider trading

2 Jul 2019

Most Popular

digital transformation

Boston Dynamics dog-like robots sniff out bombs for Massachusetts police

26 Nov 2019
mergers and acquisitions

Xerox threatens hostile takeover after HP rebuffs $30bn takeover

22 Nov 2019
data breaches

T-Mobile data breach affects more than a million users

25 Nov 2019
Google Android

Samsung Galaxy A90 5G review: Simply the best value 5G phone

22 Nov 2019