How Shutterfly and Other Social Sites Leave Your Kids Vulnerable to Hackers
In reality everyone should be using the latest secure socket protocols found in TLS 1.2, but SSL is a start, and SSL 3.0 is really a subset of the newer TLS standards.
This spring, with millions of kids across the United States participating in sports leagues and other activities, coaches and harried parents are turning to social sharing websites to keep everything running smoothly. The most popular option is Shutterfly, which boasted around 5 million visitors per month as of March 2012. Shutterfly’s free “Team” service allows users (which includes anyone over 13) to upload photos of kids, home addresses, emails, gender information, phone numbers, school names, jersey numbers, and game schedules—all in one place. The American Youth Soccer Organization (AYSO) has a partnership with Shutterfly, and coaches actively encourage parents and coaches from over 50,000 soccer teams to utilize the service.
But there’s a catch: Even though Shutterfly’s privacy policy claims that the whole site is protected with SSL—a strong form of Internet security used to prevent websites from being hacked into—it isn’t actually using the encryption for much of the website, including the team pages that contain detailed information on the kids. While plenty of sites across the web don’t use this extra security, it’s more worrisome for a large social sharing site not to do so, especially one that features kids’ sensitive data. (Facebook, Twitter, and Google all use SSL, as do banks and many sites that conduct credit card transactions.)
Emails from representatives for Shutterfly, obtained by Mother Jones, show that the photo-sharing company has been aware of the problem for at least six months, but hasn’t taken action to fix it, nor asked users to remove their kids’ information from the site. That means that sensitive information about children can be easily obtained by anyone with basic tech skills, a quick download of a program called “Cookie Cadger,” and a computer with the right equipment.
More: How Shutterfly and Other Social Sites Leave Your Kids Vulnerable to Hackers