A popular “secure” monitoring app, TeenSafe, used by parents to monitor the location, calling history, text messages, and browsing history of their kids has suffered a data breach. The company behind TeenSafe left its servers hosted on Amazon Web Services platform unprotected thereby making them accessible to anyone without a password.
More worryingly perhaps, TeenSafe requires parents to disable 2-factor authentication in the accounts of their children to have proper access to it. And a file found on their servers contained a list of the parent’s email ID along with their children’s Apple ID, their device name, unique identifier, and their Apple ID account password in plaintext. This data is enough for a hacker or anyone with unauthorized access to the server to break into the account of any of the child’s account and go through their personal data.
The unprotected servers were first discovered by UK-based security researcher Robert Wiggins, with ZDNet informing the company about the breach after which they were taken offline.
“We have taken action to close one of our servers to the public and begun alerting customers that could potentially be impacted,” said a TeenSafe spokesperson told ZDNet on Sunday.
As ZDNet points out, TeenSafe claims on its website that it secures and encrypts all data to ensure proper protection in case of a data breach. Right now, the company says that it is assessing the situation and will provide more details as and when possible.
If you are a parent using TeenSafe to keep track of your child’s whereabouts, you should immediately ask them to change the password of their account and enable two-factor authentication while at it. TeenSafe is a very privacy-invasive app which is why you should avoid using it. If you want to monitor your child whereabouts, you can make use of the Find My iPhone feature until Apple unveils iOS 12 which should come with its fair share of improvements in this department.