Teen-monitoring app TeenSafe leaks thousands of user IDs and passwords

Thousands of parent and child accounts in TeenSafe, a device monitoring app for teenagers, have had their information compromised, according to a report from ZDNet . At least one of the application's servers, which are hosted on Amazon's cloud service, was accessible to anyone without a password, which allowed them to access highly personal data, including Apple IDs. According to reports, the data, including passwords and user IDs, were stored in plain text, although TeenSafe states that its website uses encryption to protect the user's data.

The TeenSafe app allows parents to access their children's web browser history, text messages (including SMS and iMessages and deleted messages on WhatsApp and Kik), call logs, device location and allows them to see which apps of third parties have been installed.

ZDNet notes that UK security researcher Robert Wiggins discovered that two servers had been undermined, although only one seems to harbor test data. "We have taken steps to close one of our servers to the public and have begun to alert customers who might be affected," said a TeenSafe spokesperson ZDNet.

Committed accounts
Image: ZDNet [19659006] Around 10,200 accounts for the last three months were compromised, although that number also includes duplicates. The compromised data did not include photos, messages or location data. The server stores the email address of the parents used for your TeenSafe account and your child's email address, the child's device name, and the device identifier. TeenSafe requires that two-factor authentication be turned off for the application to work, so anyone with just one password can easily access compromised accounts. The application is available on iOS and Android and does not require parents to seek their child's consent to access their phone.

This breach is the latest in a long list of recent security lapses. In recent months, data breaches have affected companies such as Under Armor, Facebook (again), Delta and Sears, and Orbitz. While this commitment to TeenSafe data could only affect a group of web users, it is a timely reminder to stay alert when it comes to your online safety.

Leave a Reply