Messenger Kids App Found To Have Security Flaw


Facebook has been hit with another security issue — this time involving its Messenger Kids app.

The Verge reported that the social media giant has been shutting down group chats and alerting users of the app for the past week. The alert reads:

We found a technical error that allowed [CHILD]’s friend [FRIEND] to create a group chat with [CHILD] and one or more of [FRIEND]’s parent-approved friends. We want you to know that we’ve turned off this group chat and are making sure that group chats like this won’t be allowed in the future. If you have questions about Messenger Kids and online safety, please visit our Help Center and Messenger Kids parental controls. We’d also appreciate your feedback.”

Facebook confirmed to The Verge that the alert had been sent to thousands of users. “We recently notified some parents of Messenger Kids account users about a technical error that we detected affecting a small number of group chats,” a Facebook representative said. “We turned off the affected chats and provided parents with additional resources on Messenger Kids and online safety.”

The issue was the result of the way Messenger Kids’ permissions is set up. During a one-on-one chat, children can only start conversations with users who have been approved by their parents. But that process becomes more complex with a group chat, which allows whoever started the chat to invite anyone who was permitted to chat with them, even if that individual wasn’t authorized to chat with the other kids in the group. That means that thousands of children were able to chat with unauthorized users, and it is unknown how long the bug was present.

The matter is especially complicated for Facebook because Messenger Kids is designed for children under the age of 13, which means its subject to the Children’s Online Privacy Protection Act (COPPA)


Latest Insights: 

Facebook is a giant in the ad game, with 2.3 billion active monthly users and $16.6 billion in quarterly advertising revenue. However, its omnipresence makes it a honeypot for fraudsters. In this month’s Digital Fraud Report, PYMNTS talks with Rob Leathern, Facebook’s director of product management, on how the site deploys automated systems and thorough advertiser vetting to close the lid on fraudster attempts.


To Top