THIS APP LEAKED THOUSANDS OF IDS AND PASSWORDSDate: 2018-05-22
Thousands of users' data has been leaked on the so-called TeenSafe app.
TeenSafe is a teen device-monitoring app, who have had their information compromised, according to a report by ZDNet. At least one of the app’s servers, which are hosted by Amazon’s cloud service, was accessible to everyone without requiring a password, giving them entry to highly personal data including Apple IDs.
The data, including passwords and user IDs, were reportedly stored in plaintext, even though TeenSafe claims on its website that it uses encryption to protect user data.
The TeenSafe app allows parents to access their children's web browser history, text messages (including deleted SMS and iMessages as well as messages on WhatsApp and Kik), call logs, device location, and it allows parents to observe which third-party apps have been installed.
According to ZDNet, a UK security researcher Robert Wiggins found two servers that have been undermined, though only one appears to host test data. "We have taken action to close one of our servers to the public and begun alerting customers that could potentially be impacted," a TeenSafe spokesperson told ZDNet.
Around 10,200 accounts – from the past three months – were compromised, but that number also includes duplicate accounts. The compromised data did not include photos, messages, or location data.
The TeenSafe server stores parents' email address used for their account and their child's email address, the child's device name, and the device's identifier. TeenSafe requires two-factor authentication to be switched off for the app to work, so anyone with just a password can easily gain access to compromised accounts.
The app is available on both iOS and Android and does not require parents to seek their child's consent to access their smartphone.
This security breach is the latest in a long line of recent security lapses. Over the past few months, data breaches have hit companies including Uber Armour, Facebook, Delta Sears and Orbitz. While TeenSafe data compromise might affect only a slither of web users, it is a timely reminder to remain vigilant when it comes to your online life.