Companies and Brands
How a Teen Monitoring App Leaked Thousands of User Accounts
Published:
Last Updated:
The main selling point of a mobile app TeenSafe is that it offered parents a way to keep track of how their teenage children were using their smartphones. Now, it seems, the app maker has inadvertently leaked account information on tens of thousands of teens and their parents.
The mobile app is available for both Apple Inc. (NASDAQ: AAPL) iOS and Alphabet Inc. (NASDAQ: GOOGL) Android operating systems. TeenSafe gives parents access to text messages, location data and web browsing history, along with call logs, contact lists, bookmarks and messages sent in other apps such as Kik and WhatsApp. Parents do not need to get their children’s permission to use TeenSafe.
A U.K.- based security researcher, Robert Wiggins (@Random_Robbie) found two leaky TeenSafe servers hosted on Amazon’s cloud platform that had been left unprotected and thus accessible to anyone without so much as a password.
If this incident is similar to earlier Amazon Web Services leaks, an administrator for TeenSafe failed properly to set administrative privileges on the data.
According to ZDNet, the TeenSafe database stores the parents’ email addresses that are associated with TeenSafe and their child’s Apple ID email address, including the child’s device name and the device’s unique identifier. Included in the data are plaintext passwords for the child’s Apple ID. ZDNet notes:
Because the app requires that two-factor authentication [be] turned off, a malicious actor viewing this data only needs to use the credentials to break into the child’s account to access their personal content data.
The leaked data did not include content data such as photos or messages or location information either on the children or their parents. Error messages generated, for example, by a failed parental attempt to look-up a child’s location, were included in the leaked data.
TeenSafe, which claims over a million parents as customers, told ZDNet on Sunday that the company has “taken action to close one of our servers to the public and begun alerting customers that could be potentially impacted.”
The server that was taken offline held more than 10,000 records (some are duplicates) generated over the past three months. The other server was apparently stored test data and it is not known if other servers and additional data were leaked.
The thought of burdening your family with a financial disaster is most Americans’ nightmare. However, recent studies show that over 100 million Americans still don’t have proper life insurance in the event they pass away.
Life insurance can bring peace of mind – ensuring your loved ones are safeguarded against unforeseen expenses and debts. With premiums often lower than expected and a variety of plans tailored to different life stages and health conditions, securing a policy is more accessible than ever.
A quick, no-obligation quote can provide valuable insight into what’s available and what might best suit your family’s needs. Life insurance is a simple step you can take today to help secure peace of mind for your loved ones tomorrow.
Click here to learn how to get a quote in just a few minutes.
Thank you for reading! Have some feedback for us?
Contact the 24/7 Wall St. editorial team.