Popular parental teen-monitoring app left user Apple IDs exposed

Passwords and email addresses were available in plaintext.
Photo: ZDNet

A popular app called TeenSafe, used by parents to keep tabs on their teenage children’s phone activity, has reportedly been compromised, resulting in “tens of thousands” of account details being exposed.

While no photos, messages or location data were revealed, a database containing parent email addresses along with their corresponding child’s Apple ID email address, plaintext password and device name was accessible. The TeenSafe app described itself as a “secure” monitoring app.

The information — hosted on Amazon’s cloud services — was unprotected and accessible to any user. It’s not clear whether the data was maliciously accessed by any bad actors, although it’s nonetheless a monumental security lapse. It’s also unclear why the data was stored in plaintext and not properly encrypted.

“We have taken action to close one of our servers to the public and begun alerting customers that could potentially be impacted,” a TeenSafe spokesperson told ZDNet after the vulnerability was discovered.

Apps such as TeenSafe are often viewed as being controversial and a potential invasion of privacy, since they don’t necessarily require parents to get the consent of their kids to use them.

A brief history of data breaches

Apple is very security- and privacy-conscious when it comes to protecting user data. However, in the past there have been a few notable examples of data being compromised by third parties.

In 2015, around 225,000 Apple accounts were reportedly stolen by malware on jailbroken iPhones, in what was claimed to be “one of the largest known thefts of its kind.” In some cases, this data was then used to make unauthorized purchases.

There have also been reports in China of Apple IDs being sold on the black market, often stolen by hackers and acquired through methods like phishing schemes. Last year, 22 people were arrested in Zhejiang, China for selling this data for prices ranging from $1.50 to $26 per user.