Teensafe is a monitoring app used by parents for keeping a check on the activities of their children. The app allows parents to access their child’s location, call history, messages, browsing history, and apps downloaded by them without their permission.
In a recent discovery by a UK based security researcher named Robert Wiggins, the app has leaked data containing Apple IDs and passwords of a large number of users.
Blamed on a leaky server hosted on Amazon’s cloud platform, the data breach is caused due to an unprotected server which was used for storing data without any encryption. Anyone could access the data without requiring a password to access it.
It was found out that the data was leaked from two servers which were pulled down in haste after the app owners were alerted by ZDNet. However, the other server is touted to contain only test data.
An official from Teensafe said, “We have taken action to close one of our servers to the public and begun alerting customers that could potentially be impacted”
Teen monitoring apps such as Teensafe have faced constant criticism for their privacy breaching nature but have been widely used in the US by parents to keep a tab on their children.
Servers of the app stored Apple IDs of parents and children including their corresponding passwords in plaintext. In order to run the app, the user had to turn off the Two Factor Authentication. This further complicated the case as anyone who has the access to the leaked data can simply log into Apple ID and view or modify the personal data of parents as well as children.
As reported by ZDNet, the faulty server has as many as 10,200 records at the time of the breach.
This breach has certainly raised questions about the credibility of monitoring apps and their increased usage.