TeenSafe App Leaks Apple ID Credentials of Thousands of Parents, Children

HIGHLIGHTS

TeenSafe app is found to have leaked user data
It reportedly exposed Apple IDs and their passwords in plaintext
The vulnerable servers have been disabled

TeenSafe, an app that lets parents monitor their children’s text messages, social media, and phone location, is found to have leaked data related to thousands of its users that include both parents as well as children. The data, which was reportedly stored on two of the vulnerable servers backed by Amazon Web Services, compresses the email addresses of parents that are associated with the teen monitoring app, alongside the Apple IDs of children and their plaintext passwords. It is also said that at least 10,200 records from the past three months were put at risk.

UK-based security researcher Robert Wiggins reported that two of the TeenSafe servers had exposed the user data, as spotted by ZDNet. While the company pulled the affected servers shortly after it received an alert, ZDNet was able to verify some of the data exposed. It is reported that the servers were unprotected and accessible without requiring a password. Further, as the app asks users to disable the two-factor authentication, attackers can view personal data only using the credentials that surfaced on the servers.

Among other data surfaced, there were the email addresses and passwords of the parents using the TeenSafe app in addition to the email address of children that were used as their Apple ID. It is also reported the device names of children who were being tracked using the app were spotted alongside their device’s unique identifier. Likewise, the data also included error messages associated with a failed account action – in some instances highlighting the time when parents weren’t able to identify their children’s real-time location. All this was notably stored in plaintext instead of under any encryption. However, the company claims on its website that its app is “secure” and uses encryption to protect the data.

ZDNet’s Whittaker verified the leak by reaching out the parents whose email addressed were spotted in the leaked data. Moreover, various email addresses of children were found to be associated with their high schools.

“We have taken action to close one of our servers to the public and begun alerting customers that could potentially be impacted,” a TeenSafe spokesperson said in a statement to ZDNet.

Since the vulnerable servers are no longer live for access, attackers won’t be able to obtain the data. However, TeenSafe hasn’t provided any clarity on how it is set to protect their servers in future.

Source: gadgets.ndtv.com

Breaking News

Google announces Entertainment Space for Android tablets

Google in talks with Jio, Airtel to introduce high-speed internet using light beams, says report

Best of 2020 honors’ from the Google Play Store: The best app for 2020 is Sleep by Wysa

Google bans these popular Android apps, now you must delete them from your phone

Windows 10 May 2020 Update triggers issues in Google Chrome

Test Version Of Android Quietly Rolled Out By Google

Google Search Trends Show Searches for Relaxation, Meditation, Breathing Exercises at All-Time High

Everything announced at the Google for Games Developer Summit

Google Maps Now Shows Public Food and Night Shelters Across 30 Cities Amid Lockdown

Facebook takes on Google, building own operating system

TeenSafe App Leaks Apple ID Credentials of Thousands of Parents, Children

HIGHLIGHTS

Leave a Reply Cancel reply