Security researchers with AV-TEST have discovered several major security vulnerabilities in a cheap smart watch for children made in China.The flaws in the watch and the accompanying mobile app exposed the location information of 5,000 children as well as the personal data of 10,000 parents.

According to AV-TEST CEO Maik Morgenstern, “the Chinese SMA-WATCH-M2 tops the security failures of other manufacturers by far.” One of the biggest issues was that the backend of the smartwatch is accessible via an Internet-facing API that doesn’t require proper authentication. This API is used by a mobile app that allows parents to retrieve information of their child’s smart watch. By accessing the API, the researchers were able to obtain the location information of smart watch wearers as well as the account information of parents.

Read more: Cheap kids smartwatch exposes the location of 5,000+ children