Family Friendly Social Site is Leaving Your Kids’ Information Unprotected for Hackers to Find

By May 13, 2013Articles

Family Friendly Social Site is Leaving Your Kids' Information unprotected for Hackers to Find shutterflyMany people believe that once we are behind a computer, we become anonymous. Of course, we should protect ourselves by not posting any sensitive  information on public online spaces, but there are many other ways that you and your family could be easily found without sharing any distinct personal details. Another aspect of cyber security that Digital Locksmiths works with is online safety, particularly for children.

It goes without saying that you should not post personal information in dangerous places like chatrooms, but what about websites that are designed to be safe and family-friendly? It has recently become known that the popular photosharing site, Shutterfly, has been untruthful about its privacy policies . Although the site claims to be entirely protected by SSL––a cryptographic protocol that keeps online communications secure––in its privacy policy , the website is using the encryption for only some aspects of the website. Other popular applications, such as Shutterfly’s popular and free “Team” service is not. The Shutterfly “Team” service has a partnership with the American Youth Soccer Organization (AYSO), and encourages parents and coaches to sign up their athletic groups so they can have a central location to share team photos and roster information, including home addresses, contact information, gender, schools, jersey numbers, and game schedules. While it is great that Shutterfly is securing its users’ credit cards, isn’t it concerning that they are not protecting children?

According to the Mother Jones article, Shutterfly representatives have been aware of this problem for at least six months, but has not taken any steps to remediate the issue, or warned its users of the insecure details on their children. Suddenly, this sensitive information could become accessible to anyone with basic tech skills, and knowledge about cookie-catching software.

There are two popular programs called Firesheep and CookieCadger that have been circulating the Internet since 2011 that make hacking unknowing user’s personal accounts quickly and easily. Provided that you are in the same wifi zone (i.e. in a coffee shop, or other hotspots that aren’t password protected) programs like Firesheep and CookieCadger allows hackers to gain access to even your password-protected websites with the click of a couple buttons. This because once you have entered your password into whatever site you are using, the SSL stops working on sites like Shutterfly that are not entirely SSL-protected. Hackers using Firesheep or CookieCadger can see that you’ve logged into these pages, and now have access to them as well. They would now be able to view all of the user’s sensitive information contained on that site. In the case of Shutterfly, they would now know everything about where you child lives, how old they are, what school they go to, and where they will be and when.

When using websites that you are trusting with personal information, it is crucial to read the privacy policy to confirm that they are protecting your sensitive data. We are living in a digital age, and we must be wary of the bad guys lurking around the web for vulnerable information. For more information on how to keep kids safe online, check out my seminar  that I did in partnership with the Lester B. Pearson School Board in 2011 and 2012.

@terrypcutler

 

tcutler
Lets Connect

tcutler

VP of Cybersecurity at SIRCO
I’m Terry Cutler, the creator of Insider Secrets from an Ethical Hacker on Internet Safety …That’s a system that’s been used to help defend corporations and individuals from cyber threats.
 
I’m a government cleared cybersecurity expert (a Certified Ethical Hacker), and the Vice-President of Cyber at SIRCO, an investigations and protections firm in Montréal, Canada.
 
I’m also a frequent contributor to National & Global media reportage about cyber-crime, spying, security failures, internet scams, and the real social network dangers that families and individuals face every day.
tcutler
Lets Connect

Latest posts by tcutler (see all)

Author tcutler

I’m Terry Cutler, the creator of Insider Secrets from an Ethical Hacker on Internet Safety …That’s a system that’s been used to help defend corporations and individuals from cyber threats.   I’m a government cleared cybersecurity expert (a Certified Ethical Hacker), and the Vice-President of Cyber at SIRCO, an investigations and protections firm in Montréal, Canada.   I’m also a frequent contributor to National & Global media reportage about cyber-crime, spying, security failures, internet scams, and the real social network dangers that families and individuals face every day.

More posts by tcutler