TeenSafe app fails to keep teens safe – giant data leak exposed

An app used by parents to monitor teenagers’ smartphone activity has leaked the usernames and passwords for over 10,000 accounts, according to a startling report over the weekend.

The TeenSafe app – which is used by patents to keep an eye on calls, texts, web activity and installed apps – left usernames and passwords unprotected on an Amazon cloud server.

One server in particular was assessable without a password, ZDnet reports, exposing the accounts of both parents and children.

Email addresses of the parents’ accounts as well as the email addresses and unencrypted/unhashed passwords of the childrens’ Apple ID account were available. It also featured the name of the device they were using and other unique identifiers.

This is particularly concerning for the children caught up in this mess. Because the TeenSafe app requires two-factor authentication to be disabled by default, anyone who accessed this data could easily break into the Apple ID account.

No firewall

The discovery was made by UK security researcher Robert Wiggins (@Random_Robbie), who explained the server lacked the most basic security measures, such as a firewall.

“We have taken action to close one of our servers to the public and begun alerting customers that could potentially be impacted,” a TeenSafe spokesperson told ZDNet.

Over one million parents use this service.

Perhaps it isn’t really isn’t that surprising that a company operating on the assumption that teenagers do not require privacy from their parents would be so careless with the personal data associated with their use?

Do you use an app like TeenSafe to monitor your kids’ smartphone activity? Do you find it to be the only way to keep them safe in a terrifying online climate? Share your thoughts @TrustedReviews on Twitter.