11 matches found
CVE-2026-27679
CVE-2026-27679 affects the SAP S/4HANA frontend OData Service (Manage Reference Structures). Missing authorization checks allow an attacker to update and delete child entities via exposed OData services, impacting integrity (I: High) with no confidentiality or availability impact stated. CVSS v3....
Google to Pay $8.25M Settlement Over Child Data Tracking in Play Store
Is your child's data safe? Google settles for $8.25M over claims it tracked kids under 13 without parental…...
Roku accused of selling children’s data to advertisers and brokers
The state of Florida has accused Roku, which powers many smart TVs and streaming devices, of selling children's data to third parties without their consent. According to the Florida Attorney General James Uthmeier, Roku collected viewing habits, voice recordings, and precise geolocation from kids...
A week in security (September 29 – October 5)
Last week on Malwarebytes Labs: From threats to apology, hackers pull child data offline after public backlash Your Meta AI conversations may come back as ads in your feed Scam Facebook groups send malicious Android malware to seniors Sendit tricked kids, harvested their data, and faked messages,...
From threats to apology, hackers pull child data offline after public backlash
Last week we yelled at some “hackers” that threatened parents after stealing data from their children's nursery. This followed a BBC report that a group calling itself “Radiant” claimed to have stolen sensitive data related to around 8,000 children from nursery chain Kido, which operates in the U...
Sendit tricked kids, harvested their data, and faked messages, FTC claims
The Federal Trade Commission FTC has sued Sendit’s parent company, saying it signed up children under 13, collected their personal data, and misled them with fake messages and recurring bills. The lawsuit, filed against the app's owner Iconic Hearts Holdings Inc and CEO Hunter Rice, alleges the...
Hackers threaten parents: Get nursery to pay ransom or we leak your child’s data
Just when you think extortionists can’t sink any lower, along comes a lowlife that manages to surprise you. The BBC reported that a group calling itself "Radiant" claims to have stolen sensitive data related to around 8,000 children from nursery chain Kido, which operates in the UK, US, China, an...
Google settles YouTube lawsuit over kids’ privacy invasion and data collection
Google has agreed to a $30 million settlement in the US over allegations that it illegally collected data from underage YouTube users for targeted advertising. The lawsuit claims Google tracked the personal information of children under 13 without proper parental consent, which is a violation of...
My child had her data stolen—here’s how to protect your kids from identity theft
Recently, I received a letter in the mail from a company about a data breach. The letter said that the company had been a victim of a cyberattack back in March in which files were scrambled what we know as ransomware. The attacker had also accessed sensitive files and customer health data. Sadly,...
TikTok Faces Massive €345 Million Fine Over Child Data Violations in E.U.
The Irish Data Protection Commission DPC slapped TikTok with a €345 million about $368 million fine for violating the European Union's General Data Protection Regulation GDPR in relation to its handling of children's data. The investigation, initiated in September 2021, examined how the popular...
Eigen&Wijzer Ouderapp 安全漏洞
Eigen&Wijzer Ouderapp is a parent app from the individual developers of Wedaycare B.V.. It is used for parents to check on their children's lives. A security vulnerability exists in Eigen&Wijzer Ouderapp versions prior to v1.1.22, which stems from the fact that it allows an attacker to change the...