Facebook Messenger Kids was created and touted as a safe place for kids to engage with select friends and family. But what happens when that safe place is made vulnerable to hackers? Unfortunately, that very thing happened in 2019, resulting in kids under the age of 13 to be able to chat online with complete strangers. In this article, we’re covering the Facebook Messenger Kids: Hacked debacle, and offering ways for parents to keep their kids safe.
FB Hack: Messenger Kids
The safety breach was made apparent in July of 2019. The bug in the program affected group chats, which did not restrict kids’ interactions to only approved members, as they are in 1:1 conversations. Apparently, anyone in the group chat could invite their connections to join even if the individual hasn’t been approved by the parents of all kids involved in the chat. While these individuals could be complete strangers, there are still some degrees of connection to the kid’s original connections. But that’s only partially comforting.
Facebook spokesperson, Thomas Richards, provided the following statement to TechNewsWorld: “We recently notified some parents of Messenger Kids account users about a technical error that we detected affecting a small number of group chats. We turned off the affected chats and provided parents with additional resources on Messenger Kids and online safety.”
Lorrie Faith Cranor, director of the CyLab Usable Privacy and Security Laboratory at Carnegie Mellon University in Pittsburgh, shared her own observations on the breach:
“It’s a problem with access control. Access control can be really hard,” she told TechNewsWorld, “A lot of companies get it wrong in many ways, and this is just the latest example of how they weren’t careful with their access control. We see it all the time in the corporate world where the wrong people have access to something they shouldn’t have access to because it’s hard to do access control correctly.”
This was an incredibly alarming find, as parents had put their full trust in Messenger Kids. Facebook kept the incident relatively quiet, only sending an alert to the parents of kids with affected accounts.
The alert, which was obtained by The Verge, reads as follows:
We found a technical error that allowed [CHILD]’s friend [FRIEND] to create a group chat with [CHILD] and one or more of [FRIEND]’s parent-approved friends. We want you to know that we’ve turned off this group chat and are making sure that group chats like this won’t be allowed in the future. If you have questions about Messenger Kids and online safety, please visit our Help Center and Messenger Kids parental controls. We’d also appreciate your feedback.
Facebook responded to the incident by rolling out new safety features. These include:
- Recent Contacts and Chat History: Parents can see whom their kids are chatting with and how frequently along with a 30-day history.
- Log of Images in Chats: Parents can view the images and videos in the kid’s chat thread.
- Reported and Blocked Contacts History: Users can view the history of contacts and messages that their kids ever blocked or reported. Parents will also receive notifications for such actions performed by their kids.
- Remote Device Logout: Parents can view the devices where their kids sign-in or sign out to Messenger Kids app.
- Download Your Child’s Information: Through this option, parents can request their child’s Messenger Kids information. Though, performing this action will notify the child as well.
Common Sense Media Guidelines
Common Sense Media is an online safety resource designed for parents and educators. The following bullet points outline the steps that they recommend parents to take if they believe their child’s device has been hacked.
- Double-check. If you suspect you’ve been hacked, go to Have I Been PWNed? Using this site, you can see whether your usernames or passwords have been compromised in recent data breaches.
- Disable the account. This might be obvious, but you should delete the breached account on any other devices that access it. You may have an app for your kid’s Internet-enabled toy on your smartphone or tablet, for example. Get rid of all the software associated with it by uninstalling it completely.
- Check linked accounts. The breached account may be linked to other programs — for example, anything that lets your kid play or chat with other users. Check the settings and delete those connections.
- Change your passwords on all sites that require logins. This is time-consuming, but you never know what the hackers have access to. Use a password manager (such as LastPass or 1Password) to store your passwords, or write them down and keep them in a locked drawer.
- Establish a fraud alert on your credit report. The Privacy Rights Clearinghouse explains how to do this and offers more steps to take if and when your personal data gets compromised.
- Consider creating a credit freeze for your child. Identity theft of kids is on the rise, because their histories are “clean.” Learn more about how to do a credit freeze.
They also provide a list of proactive measures that parents and minors can take while engaging with the online world. We highly recommend reading through the following bullet points and putting these recommendations into action.
- Look for an “s” in the Internet address. Does the URL begin with “https”? The “s” on the end means there’s an extra layer of security on the website. Make sure that “s” is there both before and after your kid logs in.
- Do a password check. Pretend your kid has forgotten his or her password. Does the site display the password or email it to him or her? If so, the password is not securely protected. Sites that send a link prompting you to create a brand-new password are safer.
- Check sharing settings. If kids are creating websites, sending messages, or creating other shareable content online, make sure the privacy settings are as strict as possible. You can test this by pasting your kid’s website URL into a new browser to test what it looks like to the public.
- Skip anything that’s not required. Plenty of companies will ask for more information than they really need. If you can register without it, don’t offer it up. And be especially careful with social security numbers.
- Create strong — really crazy — passwords, and never share them. Guessable passwords that spell out real words make your account vulnerable. Use these tips for creating good ones.
- Tell your kids to be careful with their information. Instruct them to get your help when filling out online forms. If they create profiles on school computers, make sure they know what to keep private: phone numbers, addresses, social security numbers, jersey numbers, and so on.
- Be careful with downloads and other links. Spyware, malware, and other nasties can be embedded in unassuming downloads. Keep your virus protection up to date, and make sure kids get permission before downloading.
As with all social media platforms, support is eventually going to be needed. What happens if help is needed with a Facebook account? While Facebook doesn’t offer live customer service, they do offer Messenger Kids Help Center parent resources available HERE. Help Center articles specifically for Facebook Messenger Kids are available HERE. If the issue is with the adult’s account, the general Facebook Help Center can be found HERE. It’s important to note that the Help Center is completely self-serve; users won’t have any guidance in solving their issue.
If you want actual help resolving an issue, fig social is the world’s first Live, On-Demand, 24/7 Facebook Support service! Whether you need to Recover a Disabled Account or you believe your Account has been Hacked, we can help you. CLICK HERE to learn more about what we do and how we can help you with your Facebook Account Problems.
We’ve also put together some resources to help with common Facebook issues: A guide to what to do if your Account is Hacked (CLICK HERE to read); How to generate a Secure Facebook Password (CLICK HERE to check it out); A library of Facebook Support How-To videos (CLICK HERE to see all 20 videos).