KidSecurity App Leaks Sensitive Information About Children for the Second Time

KidSecurity, a popular parental control app, has once again found itself in hot water as it has leaked sensitive information about children, this time exposing GPS locations and private messages on minors’ devices. The Cybernews research team discovered on February 7th, 2024, that the app’s developers failed to configure authentication for their Kafka Broker Cluster, leading to a massive data breach.

With over a million downloads on Google Play, KidSecurity offers parents the ability to track their children’s location, monitor digital interactions, and even listen to the sounds around their child for safety purposes. However, this latest breach has put the privacy and security of minors at risk.

The leaked data included minors’ social media messages from platforms like Instagram, WhatsApp, and Telegram, parents’ email addresses, IP addresses, app store information, lists of installed apps, rewards given to kids, audio recordings of the environment, and much more. This breach marks the second time the app has failed to secure access to its systems, with the previous incident exposing over 300 million records of private user data.

The leak not only impacted children with the app installed but also those who communicated with them, as messages sent to kids with the app were also exposed. Malicious actors could potentially exploit this data to manipulate minors and pose serious threats, such as abduction.

Cybernews has reached out to the company for a response, but as of now, no reply has been received. The app’s lack of security measures has raised significant concerns about the safety of minors using such tracking apps and the need for stricter data protection regulations in the tech industry.