Another Day, Another Hack: 1700 Kids' Profiles with Millions of Texts and Pics

A security researcher discovered an online, open database belonging to uKnowKids.com.

Quite literally, every day someone gets hacked. Whether that's a telecommunications company having its customer data stolen, or another chain of businesses being ripped for all the credit cards it processes, today one hack just seems to melt into another.

That's why we're launching this new format: Another Day, Another Hack. We'll do short posts giving you what you need to know about the hack, so you can figure out whether your bank account, website logins or anything else might be at risk. Because, even if the hack might not be the most sophisticated, and as new data breaches fight for your attention, real people are still getting fucked over somewhere, and should know about it.

A security researcher has found an online database belonging to uKnowKids.com, a company selling parental monitoring tools. The database, which required no authorisation to access, contained over 6.8 million text messages, and nearly 2 million images, belonging to 1,700 child profiles, according to a post published on Tuesday by MacKeeper security researcher Chris Vickery.

The profile, Vickery continued, include full names, email addresses, dates of birth, GPS coordinates, social media logins, and other information, although the affected company said in a blog post that the credentials were encrypted.

"With respect to customer data, no financial information or unencrypted password credentials were vulnerable. However, names, communications, and URL data was exposed for about 0.5% of the kids that uKnowKids has helped parents protect online and on the mobile phone," Steven Woda, co-founder and CEO of uKnow wrote.

The database also included proprietary intellectual property, business data, and "trade secrets," he continued, and added the the company has since patched the database.

"There's no way for me to know for sure how long this data was exposed to the public internet, although the information collected by Shodan.io suggests that the database had been up for at least 48 days," Vickery writes. Shodan is essential a search engine for computers, allowing anyone to quickly find vulnerable internet connected devices. Vickery has been using Shodan over the past few months to discover all manner of other data leaks.

There has been a noticeable spike in the number of hacks or breaches affecting children. As Motherboard previously reported, a hacker obtained images of children from toy manufacturer VTech in November. Researchers have also exposed vulnerabilities in Barbie smart-toys, that would allow hackers to eavesdrop on conversations,

The lesson: As a consumer, we rely on security researchers to uncover vulnerabilities in systems and particular companies so that we can make informed decisions. In this case, it appears that customers may have misplaced their trust in uKnowKids.com. As a precaution, any of the company's customers should probably change the passwords of social media accounts linked with their uKnowKids.com accounts.

Another day, another hack.

Illustration by Che Saitta-Zelterman