TeenSafe, a popular mobile app used by parents to monitor the location and online activity of their children, has reportedly leaked tens of thousands of passwords related to both parent and child accounts.
According to its CEO Rawdon Messenger, TeenSafe is an IOS and Android app that believes “privacy is trumped by safety.” It enables parents to monitor their child’s phone activity, including text messages, call logs, contacts, browsing history, real-time location and location history.
It hosted some of its servers unprotected on Amazon’s cloud service, ZDNet reports, meaning anyone could access the information without a password. The servers were reportedly spotted and accessed by UK-based tech security researcher Robert Wiggins, who revealed the flaws.
The servers contained the email address of parents with TeenSafe accounts, as well as the email address and name associated with the Apple ID of the children they were monitoring. Passwords for the kid’s Apple ID accounts were also stored in plaintext with no encryption.
At least 10,200 records were discovered in the leak, however some are duplicates, and one server only stored test data. Both servers have since been pulled offline by TeenSafe, however it’s unknown if any of their other servers could have been accessed so easily.
“We have taken action to close one of our servers to the public and begun alerting customers that could potentially be impacted,” a TeenSafe spokesperson told ZDNet on Sunday.
TeenSafe say they encourage parents to inform their kids about the service, but the parent doesn’t need to have their child’s consent to access the information. The Los Angeles-based service claims to have more than a million users in the US and has branched into Australia, Canada, Mexico, New Zealand and India.
RT.com has reached out to TeenSafe for comment.
Like this story? Share it with a friend!