When Hackers Target Toddlers: Why the Kido Hack Should Scare Every Parent


By Mantas Sabeckis 

When hackers go after hospitals, schools, or in this case nurseries, it feels like the lowest of the low. The Kido breach has put the personal details of thousands of kids in danger. Names, photos, home addresses, even notes about safeguarding issues have been stolen. 

That’s the sort of information you can’t just cancel like a credit card. Once it’s out there, it’s out for good. This is the type of data that could enable stalking, harassment, or even targeting families who might already be vulnerable.

This hack exposes the same problems we see again and again. Many childcare and education providers aren’t thinking like targets. They’re small to mid-sized businesses that focus on care, not tech. 

IT gets outsourced “just enough” to keep systems running, but not enough to build security into the DNA of the company. Data ends up sitting on outdated servers, without strong encryption, without multifactor authentication, and usually with staff who aren’t trained to spot phishing emails. It’s only a matter of time before a group like Radiant finds the cracks and enters.

The hackers playing it off as a “pentest” is laughable. A pentest, when done legitimately, is agreed on, planned, and controlled. What these attackers did was closer to breaking into someone’s home, taking photos of their kids’ bedrooms, and then asking the parents for cash to “prove the locks need fixing.” It’s extortion, plain and simple. Hiding behind cybersecurity buzzwords doesn’t make it acceptable.

So what can nurseries, or really any small chain of businesses handling sensitive personal data, do better? A few basics go a long way:

  • Encrypt everything. Photos, notes, addresses, databases – it should all be locked down so stolen files aren’t instantly usable.
  • Zero trust access. Staff should only see the data they need, nothing more. No wide-open database for everyone.
  • Regular backups and response drills. If ransomware hits, you need a way back online without fueling the crime economy.
  • Staff training. Parents trust nurseries with their children. Nurseries need to trust their employees to spot scams and follow strict security steps.

Clearly, if you’re holding information on kids, you’re a high-value target. Criminals don’t care about innocence. They care about leverage. That means the burden is on these institutions to treat child data like gold and defend it the same way banks defend their cash vaults.

ABOUT THE AUTHOR

Mantas Sabeckis is a senior security researcher at Cybernews, specializing in identifying data leaks, detecting vulnerabilities, and enhancing the security of AI systems. With a strong commitment to responsible disclosure, he collaborates with both large corporations and small organizations to help them address security issues before they can be exploited. Mantas’s work centers on understanding how sensitive data is exposed and sharing insights that contribute to stronger cybersecurity practices. His mission is clear: to make the internet a safer place for everyone by advancing research, promoting responsible security measures, and supporting initiatives that protect digital ecosystems. 

ABOUT CYBERNEWS

Cybernews is a globally recognized independent media outlet where journalists and security experts debunk cyber by research, testing, and data. Founded in 2019 in response to rising concerns about online security, the site covers breaking news, conducts original investigations, and offers unique perspectives on the evolving digital security landscape. Through white-hat investigative techniques, the Cybernews research team identifies and safely discloses cybersecurity threats and vulnerabilities, while the editorial team provides cybersecurity-related news, analysis, and opinions by industry insiders with complete independence. For more, visit www.cybernews.com.

Cybernews has earned worldwide attention for its high-impact research and discoveries, which have uncovered some of the internet’s most significant security exposures and data leaks. Notable ones include:

  • Cybernews researchers discovered multiple open datasets comprising 16 billion login credentials from infostealer malware, social media, developer portals, and corporate networks – highlighting the unprecedented risks of account takeovers, phishing, and business email compromise.
  • Cybernews researchers analyzed 156,080 randomly selected iOS apps – around 8% of the apps present on the App Store – and uncovered a massive oversight: 71% of them expose sensitive data.
  • Bob Dyachenko, a cybersecurity researcher and owner of SecurityDiscovery.com, and the Cybernews security research team discovered an unprotected Elasticsearch index, which contained a wide range of sensitive personal details related to the entire population of Georgia. 
  • The team analyzed the new Pixel 9 Pro XL smartphone’s web traffic, and found that Google’s latest flagship smartphone frequently transmits private user data to the tech giant before any app is installed.
  • The team revealed that a massive data leak at MC2 Data, a background check firm, affects one-third of the US population.
  • The Cybernews security research team discovered that the 50 most popular Android apps require 11 dangerous permissions on average.
  • They revealed that two online PDF makers leaked tens of thousands of user documents, including passports, driving licenses, certificates, and other personal information uploaded by users.
  • An analysis by Cybernews research discovered over a million publicly exposed secrets from over 58 thousand websites’ exposed environment (.env) files.
  • The team revealed that Australia’s football governing body, Football Australia, has leaked secret keys potentially opening access to 127 buckets of data, including ticket buyers’ personal data and players’ contracts and documents.
  • The Cybernews research team, in collaboration with cybersecurity researcher Bob Dyachenko, discovered a massive data leak containing information from numerous past breaches, comprising 12 terabytes of data and spanning over 26 billion records.

Thank you,

Glenda, Charlie and David Cates