It has been reported that the company that sells the parental control spyware app Family Orbit has been hacked, and the pictures of hundreds of monitored children were left online only protected by a password. According to Motherboard that first reported the news, the Family Orbit spyware left exposed nearly 281 GB of data online. The hacker discovered the huge trove of data that was stored on an unsecured server and reported the discovery to Motherboard. The hacker found the key on the cloud servers of the spyware app.
Robert Capps, Vice President at NuData Security:
“This is yet another example of the difficulty we face in mitigating the threats to our children’s online safety and digital security, as traditional tools used to protect customers focus on adults, not on the most vulnerable among us.
Cybercriminals have become adept at collecting customer data, and seem to seek out children’s data as it is often pristine, rarely monitored for misuse, giving the attacker ample opportunity to misuse children’s identities before they are discovered. Pictures and videos combined with other data on the consumer from other breaches or even social media, build a complete profile. Using these real identities, and sometimes fake identities with valid credentials, cybercriminals will take over accounts, apply for loans, and much more. Young victims may not find out about the misuse of their own identity until they are 18 and declined for a line of credit, for a credit card or a student loan.
Every malicious hack has a snowball effect that far outlasts the initial breach. All customer information is valuable to fraudsters. Pictures, names, physical and email addresses, passwords, the content of emails – everything that can be used to compile an identity will be used. The current pandemic of data breach and fraudulent use of customer information has to be combated by first changing how we think about online identity verification. All customer data must be protected, but more importantly, it needs to become valueless in the hands of cybercriminals. This technology, that evaluates user’s behaviour, exists right now: it prevents fraudsters with stolen valid credentials from accessing accounts because they can’t replicate the customer behaviour.”