UKnowKids turns against researcher who found 1,700 children’s data was at risk

Child-focused security firm embroiled in row with security expert over insecure database


Child-tracking app uKnowKids.com has accused a security researcher of "hacking" its systems after he warned it that its data was at risk.

Researcher Chris Vickery found that one of uKnowKids.com's databases was misconfigured on Monday, exposing 1,700 children's detailed profiles, including email addresses, full names, dates of birth and even GPS co-ordinates for nearly 50 days.


The at-risk data also included 6.8 million personal messages and nearly two million images, many of which were of children.

This data was stored on a MongoDB database configured for public access, and Vickery claimed he did not even need a password to access it.

"I don't know about you, but I would consider it not a 'reasonable procedure' to give the public open, unfettered access to a database containing detailed child information," the Kromtech security researcher wrote on MacKeeper.

Steve Woda, CEO of the child safety app company, acknowledged the problem in a blog, and said his technology team patched the vulnerability 90 minutes after Vickery notified him.

He added that the leak affected just 0.5 per cent of the children uKnowKids is charged with protecting.

But he also questioned Vickery's intentions, and wrote: "The hacker claims to be a 'white-hat' hacker which means he tries to obtain unauthorised access into private systems for the benefit of the 'public good'.


"We are doing our best to fully identify Mr. Vickery in order to validate his stated 'benign' intentions."

Woda wrote that Vickery notified uKnowKids of the data leak 12 minutes after downloading the database, having taken screenshots of business data and customer data.

The firm demanded that Vickery delete the downloads, which he did, but he has kept a number of screenshots, which he claimed to have redacted.

Speaking to CSOOnline, Vickery said he was holding onto the screenshots to ensure uKnowKids remains "(minimally) honest in their claims".

He said that Woda expressed fears in an email conversation with him that revealing the database insecurity could put uKnowKids out of business.

Woda's firm has reconfigured all encryption keys and data schemas to fend off cyber criminals, and has hired two security firms to help expose any other vulnerabilities in its systems. It also reported the breach to the Federal Trade Commission.
