Parental control software exposes thousands of accounts in unprotected server

A device-monitoring app which allows parents to keep track of their children’s phones reportedly suffered a leak this week, when thousands of accounts were allegedly compromised.

A ZDNet report claims that a list of plaintext Apple ID passwords belonging to TeenSafe accounts were discovered in an unprotected server hosted by Amazon Web Services.

Information from around 10,200 accounts belonging to children, including email addresses and device identifiers, was allegedly accessible on at least one of the servers.

This is according to researcher Robert Wiggins, who said he found two unprotected servers belonging to the app.

The app allows parents to keep track of their kids’ mobile activity, giving them access to call logs, text messages, images, web browser history, and app downloads.

But the data stored on the services only included email addresses belonging to the children and parents, passwords, and device information.

However, as ZDNet pointed out, the app requires that two-factor authentication is turned off – meaning a child’s account can be easily compromised by anyone viewing the leaked data.

TeenSafe has reportedly pulled both of its servers offline following the disclosure yesterday.

It also claimed it is informing those whose information may have been compromised.

This latest leak raises questions regarding the app’s security, as well as the kids’ right to privacy.

TeenSafe claims it uses encryption to safeguard users’ information – an important feature when it comes to hoarding children’s data.

Why, then, was the information accessible in plaintext format?

The company claims it is investigating the issue and will update users with new information.