TeenSafe, an app that lets parents monitor the location of their children, has leaked the account and password details for “tens of thousands” of its users.
The security breach was uncovered by Robert Wiggins, a UK-based security researcher who searches for public and exposed data. He found two “unprotected” Amazon-hosted computer servers that were being used by the Los Angeles-based company behind the app, ZDNet reports.
One of the servers stored the email addresses and Apple ID information of users, while the other appeared to contain “only test data”, according to the news tech site. TeenSafe took both servers offline after being informed about the leak.
The Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.
Sign up for The Week's Free Newsletters
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
A TeenSafe spokesperson told ZDNet: “we have taken action to close one of our servers to the public and begun alerting customers that could potentially be impacted.”
Speaking to the BBC, Wiggins said TeenSafe had not employed “basic security measures” on the affected computer servers.
The app, available for iPhone and Android mobiles, uses tracking software that can be “downloaded by parents onto their child’s smartphone”, The Daily Telegraph says.
Once installed, parents can use the software to monitor their children’ location, text messages and calls, as well as access their internet browsing history.
What is “particularly concerning” about the leak is that the data had been stored in “plain-text form”, which was not protected by any form of encryption or firewall, says Digital Trends.
This means hackers would have “little trouble accessing an exposed Apple ID account”, as they could simply copy the login details from the “leaky server”, the site says.
The TeenSafe data breach is far from the first of its kind.
Companies including Facebook, Delta Airlines and the travel booking website Orbitz have been hit by leaks in recent months, reports The Verge.
-
Taps could run dry in drought-stricken TehranUnder the Radar President warns that unless rationing eases water crisis, citizens may have to evacuate the capital
-
Alaska faces earth-shaking loss as seismic monitoring stations shutterIN THE SPOTLIGHT NOAA cuts have left the western seaboard without a crucial resource to measure, understand and predict tsunamis
-
10 great advent calendars for everyone (including the dog)The Week Recommends Countdown with cocktails, jams and Legos
-
TikTok alternatives surge in popularity as app ban loomsThe Explainer TikTok might be prohibited from app stores in the United States
-
Spotify has an issue with 'fake artists'In the Spotlight Some of these bands are reportedly generating millions of streams from Spotify users
-
Justice Department bites Apple with iPhone suitSpeed Read The lawsuit alleges that the tech company monopolized the smartphone industry
-
Phubbing: a marriage-wrecking habit?Talking Point New study says couples are avoiding talking to each other by looking at their phones - but was it ever thus?
-
The arguments for and against universal chargersPros and Cons European Commission pushing to establish USB-C as standard for all phones
-
How cybercriminals are hacking into the heart of the US economySpeed Read Ransomware attacks have become a global epidemic, with more than $18.6bn paid in ransoms in 2020
-
Language-learning apps speak the right lingo for UK subscribersSpeed Read Locked-down Brits turn to online lessons as a new hobby and way to upskill
-
Brexit-hobbled Britain ‘still tech powerhouse of Europe’Speed Read New research shows that UK start-ups have won more funding than France and Germany combined over past year
