ZDNet has reported a new report. This report states that ‘Apple ID passwords leaked as teen phone monitoring app’s data breached’. The app is called TeenSafe. The app is essentially a monitor for your teenagers’ phone. Allowing parents to monitor text messages, location, calling history, web history, etc. This data breach was significant. This is because in the data breach, there was a list of plaintext Apple ID passwords.
How did this happen?
According to the report, the TeenSafe app’s servers were left unprotected. These servers are hosted on Amazon’s Web Services platform. Because they were unprotected, anyone could access them without a password. After ZDNet notified the company of the security breach, they made the servers go offline.
“We have taken action to close one of our servers to the public and begun alerting customers that could potentially be impacted,” said a TeenSafe spokesperson told ZDNet on Sunday.
What was included in the security breach?
In the breach, a list of parents’ email addresses was shown. As well as their child’s Apple ID email address. Also, it included their device’s unique device identifier as well as plaintext passwords for the child’s Apple ID. To make it worse, the app requires two factor authentication to be off. This is so that the parent can monitor their children’s activity without consent. However, none of the data on the servers showed location or photos or messages data. The company even claimed that there were over 1 million parents using the service. Despite this claim, there is only 10,200 records on the servers that were checked.
“Shortly before the server went offline, there were at least 10,200 records from the past three months containing customers data — but some are duplicates. One of the servers appeared to store test data, but it’s not known if there are other exposed servers with additional data.”
This issue has been resolved. If you have been affected by this or have any further questions, feel free to leave them below!
(Featured image used on 9to5mac)