Terry Cutler – The Ethical Hacker
Home » Family Friendly Social Site is Leaving Your Kids’ Information Unprotected for Hackers to Find

Family Friendly Social Site is Leaving Your Kids’ Information Unprotected for Hackers to Find

Family Friendly Social Site is Leaving Your Kids' Information unprotected for Hackers to Find shutterflyMany people believe that once we are behind a computer, we become anonymous. Of course, we should protect ourselves by not posting any sensitive  information on public online spaces, but there are many other ways that you and your family could be easily found without sharing any distinct personal details. Another aspect of cyber security that Digital Locksmiths works with is online safety, particularly for children.

It goes without saying that you should not post personal information in dangerous places like chatrooms, but what about websites that are designed to be safe and family-friendly? It has recently become known that the popular photosharing site, Shutterfly, has been untruthful about its privacy policies . Although the site claims to be entirely protected by SSL––a cryptographic protocol that keeps online communications secure––in its privacy policy , the website is using the encryption for only some aspects of the website. Other popular applications, such as Shutterfly’s popular and free “Team” service is not. The Shutterfly “Team” service has a partnership with the American Youth Soccer Organization (AYSO), and encourages parents and coaches to sign up their athletic groups so they can have a central location to share team photos and roster information, including home addresses, contact information, gender, schools, jersey numbers, and game schedules. While it is great that Shutterfly is securing its users’ credit cards, isn’t it concerning that they are not protecting children?

According to the Mother Jones article, Shutterfly representatives have been aware of this problem for at least six months, but has not taken any steps to remediate the issue, or warned its users of the insecure details on their children. Suddenly, this sensitive information could become accessible to anyone with basic tech skills, and knowledge about cookie-catching software.

There are two popular programs called Firesheep and CookieCadger that have been circulating the Internet since 2011 that make hacking unknowing user’s personal accounts quickly and easily. Provided that you are in the same wifi zone (i.e. in a coffee shop, or other hotspots that aren’t password protected) programs like Firesheep and CookieCadger allows hackers to gain access to even your password-protected websites with the click of a couple buttons. This because once you have entered your password into whatever site you are using, the SSL stops working on sites like Shutterfly that are not entirely SSL-protected. Hackers using Firesheep or CookieCadger can see that you’ve logged into these pages, and now have access to them as well. They would now be able to view all of the user’s sensitive information contained on that site. In the case of Shutterfly, they would now know everything about where you child lives, how old they are, what school they go to, and where they will be and when.

When using websites that you are trusting with personal information, it is crucial to read the privacy policy to confirm that they are protecting your sensitive data. We are living in a digital age, and we must be wary of the bad guys lurking around the web for vulnerable information. For more information on how to keep kids safe online, check out my seminar  that I did in partnership with the Lester B. Pearson School Board in 2011 and 2012.



Subscribe to our mailing list

* indicates required

Related posts

Terry Cutler is Named #1 to IFSEC Global’s Top 20 Most Influential People in Cybersecurity

Terry Cutler

EC-Council Helps Terry Cutler Become Local Media’s “Ethical Hacker Guy”

Terry Cutler

New Year wish for 2012 !!

Terry Cutler

Billions of data exposed through data breaches

Terry Cutler

Cyber Security Today – Warning for Asterisk phone system admins, U.S. tries to get a $1 billion criminal bitcoin account and beware of election-related malware

Terry Cutler

The Name’s Bond, Digital Bond! A Guide to Getting a Job as an Ethical Hacker

Terry Cutler


Privacy & Cookies Policy