HomeIntelligenceBrief
BREACH BRIEF🟠 High ThreatIntel

Regulators Flag TikTok, YouTube, and Roblox as Unsafe for Children – Age Gates Insufficient

Ofcom has declared TikTok and YouTube’s recommendation feeds unsafe for children, while Roblox, Snap, and Meta promise limited safety upgrades. Weak age‑verification methods expose minors to harmful content and create large PII repositories, raising significant third‑party risk.

LiveThreat™ Intelligence · 📅 May 21, 2026· 📰 malwarebytes.com
🟠
Severity
High
TI
Type
ThreatIntel
🎯
Confidence
High
🏢
Affected
3 sector(s)
Actions
3 recommended
📰
Source
malwarebytes.com

Regulators Flag TikTok, YouTube, and Roblox as Unsafe for Children – Age Gates Insufficient

What Happened — Ofcom’s latest review concluded that TikTok and YouTube’s recommendation feeds are “not safe enough” for children, while Roblox, Snap, and Meta have pledged additional safety measures. The regulator highlighted that existing age‑verification tricks are easily bypassed, exposing minors to sexual content, offensive language, and grooming risks.

Why It Matters for TPRM

  • Child‑focused platforms are high‑value targets for data‑theft, identity‑theft, and malware campaigns.
  • Weak age‑gate implementations create large centralized PII stores that can become breach vectors.
  • Third‑party risk programs must evaluate vendors’ moderation, data‑handling, and verification practices beyond surface‑level compliance claims.

Who Is Affected — Social media (TikTok, YouTube), online gaming (Roblox), and broader digital‑media ecosystems that serve users under 13.

Recommended Actions

  • Review contractual clauses for child‑safety controls, moderation standards, and data‑retention limits.
  • Validate that any age‑verification solution does not require excessive personal data (e.g., government IDs, biometrics).
  • Conduct periodic audits of content‑moderation processes and incident‑response capabilities for child‑focused services.

Technical Notes — The issue is not a specific vulnerability but a systemic risk: inadequate content moderation, easily circumvented age‑gates, and centralized collection of sensitive PII (including potential biometric data). These factors increase the attack surface for phishing, malware, and credential‑theft campaigns targeting minors. Source: Malwarebytes Labs

📰 Original Source
https://www.malwarebytes.com/blog/family-and-parenting/2026/05/tiktok-youtube-and-roblox-face-scrutiny-but-age-gates-wont-fix-child-safety

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · SOC 2 Readiness

Could you prove your access controls held up here?

Credential and access failures map directly to SOC 2 access-control criteria. The Verisq AI Trust Operations platform shows where your evidence is thin before an auditor — or an attacker — finds out.

Explore the Verisq AI Trust Operations platform →