A UK-based researcher discovered that the TeenSafe app had leaked information on thousands of parents and children.
The TeenSafe app allows parents to monitor their children’s digital activities like text messages, social media, web browsing history, call logs, and mobile device location. Aside from that, the app also enables parents to observe the third-party applications that have been installed by their children on their phone.
However, Robert Wiggins, a UK-based security researcher, found that the California-based company has left its servers unprotected and exposed to virtually anyone even without security credentials. The two servers were reportedly hosted in Amazon Web Services and were immediately pulled offline by TeenSafe after ZDNet reported the incident.
“We have taken action to close one of our servers to the public and begun alerting customers that could potentially be impacted,” a spokesperson for the company was quoted as saying.
Further reports said that the leaked information includes parents’ email addresses, the children’s Apple ID email addresses, device names, device unique IDs, and plaintext passwords for the children’s Apple ID.
The application’s two-factor authentication was also turned off, which could allow any cybercriminal who has a copy of the credentials to break into any child’s account and access all personal content data.
Around 10,200 accounts from the past three months were reportedly compromised. However, some of these records were duplicates. The leaked data did not include any messages, photos, or location data.
While the exposed servers were already pulled offline and can no longer be accessed by anyone, the owners of the TeenSafe app still haven’t issued any official statement yet about the incident and how it plans to keep its servers protected in the future.