Messenger Kids App Found To Have Security Flaw


Facebook has been hit with another security issue — this time involving its Messenger Kids app.

The Verge reported that the social media giant has been shutting down group chats and alerting users of the app for the past week. The alert reads:

We found a technical error that allowed [CHILD]’s friend [FRIEND] to create a group chat with [CHILD] and one or more of [FRIEND]’s parent-approved friends. We want you to know that we’ve turned off this group chat and are making sure that group chats like this won’t be allowed in the future. If you have questions about Messenger Kids and online safety, please visit our Help Center and Messenger Kids parental controls. We’d also appreciate your feedback.”

Facebook confirmed to The Verge that the alert had been sent to thousands of users. “We recently notified some parents of Messenger Kids account users about a technical error that we detected affecting a small number of group chats,” a Facebook representative said. “We turned off the affected chats and provided parents with additional resources on Messenger Kids and online safety.”

The issue was the result of the way Messenger Kids’ permissions is set up. During a one-on-one chat, children can only start conversations with users who have been approved by their parents. But that process becomes more complex with a group chat, which allows whoever started the chat to invite anyone who was permitted to chat with them, even if that individual wasn’t authorized to chat with the other kids in the group. That means that thousands of children were able to chat with unauthorized users, and it is unknown how long the bug was present.

The matter is especially complicated for Facebook because Messenger Kids is designed for children under the age of 13, which means its subject to the Children’s Online Privacy Protection Act (COPPA)



Digital transformation has been forcefully accelerated, but how does that agility translate into the fight against COVID-era attacks and sophisticated identity threats? As millions embrace online everything, preserving digital trust now falls mostly on banks and FIs. Now, advances in identity data and using different weights on the payment mix afford new opportunities to arm organizations and their customers against cyberthreats. From the latest in machine learning for fraud and risk, to corporate treasury teams working in new ways with new datasets, learn from experts how digital identity, together with advances like real-time payments, combine to engender trust and enrich relationships.