How Shutterfly and Other Social Sites Leave Your Kids Vulnerable to Hackers
In reality everyone should be using the latest secure socket protocols found in TLS 1.2, but SSL is a start, and SSL 3.0 is really a subset of the newer TLS standards.
This spring, with millions of kids across the United States participating in sports leagues and other activities, coaches and harried parents are turning to social sharing websites to keep everything running smoothly. The most popular option is Shutterfly, which boasted around 5 million visitors per month as of March 2012. Shutterfly’s free “Team” service allows users (which includes anyone over 13) to upload photos of kids, home addresses, emails, gender information, phone numbers, school names, jersey numbers, and game schedules—all in one place. The American Youth Soccer Organization (AYSO) has a partnership with Shutterfly, and coaches actively encourage parents and coaches from over 50,000 soccer teams to utilize the service.
Emails from representatives for Shutterfly, obtained by Mother Jones, show that the photo-sharing company has been aware of the problem for at least six months, but hasn’t taken action to fix it, nor asked users to remove their kids’ information from the site. That means that sensitive information about children can be easily obtained by anyone with basic tech skills, a quick download of a program called “Cookie Cadger,” and a computer with the right equipment.