A popular app that helps parents keep tabs on their kids’ phone activity has at least one leaky server, according to ZDNet, with tens of thousands of user account details breached. Called TeenSafe, the app touts itself as a “secure” monitoring app available on both Android and iOS, and lets parents check their kids’ messages, call and search history, as well as keep tabs on their location. ZDNet reports that the app’s servers, hosted on Amazon’s Web Services cloud platform, were left unprotected, giving anyone access to the app’s user database without a password. “We have taken action to close one of our servers to the public and begun alerting customers that could potentially be impacted,” a TeenSafe spokesperson told ZDNet over the weekend. Exposed First discovered by UK-based security researcher Robert Wiggins, the data breach includes email addresses of parents with TeenSafe accounts, alongside Apple IDs and passwords – stored in plaintext – of the children. The server also stored the names and the unique identification numbers (IMEI) for each device. However, no app content (such as photos or messages) was stored on the servers. Ironically, for the app to work, TeenSafe requires two-factor authentication to be disabled — meaning anyone with ill intentions can access those Apple ID accounts with just the login credentials easily available from the leaky servers. Although the offending servers have been shut down, there were reportedly “at least 10,200 records from the past three months containing customers data – but some are duplicates”… [Read full story]
You are here: / / TeenSafe phone-monitoring app leaks thousands of Apple ID account logins
TechRadar is an online publication focused on technology, with editorial teams in the US, UK, Australia and India. It provides news and reviews of tech products and first launched in 2008.