Teen tracking app leaks ‘thousands’ of user passwords
Personal data of parents and children were stored in plain-text form on a ‘leaky server’
TeenSafe, an app that lets parents monitor the location of their children, has leaked the account and password details for “tens of thousands” of its users.
The security breach was uncovered by Robert Wiggins, a UK-based security researcher who searches for public and exposed data. He found two “unprotected” Amazon-hosted computer servers that were being used by the Los Angeles-based company behind the app, ZDNet reports.
One of the servers stored the email addresses and Apple ID information of users, while the other appeared to contain “only test data”, according to the news tech site. TeenSafe took both servers offline after being informed about the leak.
Subscribe to The Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.
Sign up for The Week's Free Newsletters
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
A TeenSafe spokesperson told ZDNet: “we have taken action to close one of our servers to the public and begun alerting customers that could potentially be impacted.”
Speaking to the BBC, Wiggins said TeenSafe had not employed “basic security measures” on the affected computer servers.
The app, available for iPhone and Android mobiles, uses tracking software that can be “downloaded by parents onto their child’s smartphone”, The Daily Telegraph says.
Once installed, parents can use the software to monitor their children’ location, text messages and calls, as well as access their internet browsing history.
What is “particularly concerning” about the leak is that the data had been stored in “plain-text form”, which was not protected by any form of encryption or firewall, says Digital Trends.
This means hackers would have “little trouble accessing an exposed Apple ID account”, as they could simply copy the login details from the “leaky server”, the site says.
The TeenSafe data breach is far from the first of its kind.
Companies including Facebook, Delta Airlines and the travel booking website Orbitz have been hit by leaks in recent months, reports The Verge.
Sign up for Today's Best Articles in your inbox
A free daily email with the biggest news stories of the day – and the best features from TheWeek.com
-
Spotify has an issue with 'fake artists'
In the Spotlight Some of these bands are reportedly generating millions of streams from Spotify users
By Justin Klawans, The Week US Published
-
Justice Department bites Apple with iPhone suit
Speed Read The lawsuit alleges that the tech company monopolized the smartphone industry
By Rafi Schwartz, The Week US Published
-
Phubbing: a marriage-wrecking habit?
Talking Point New study says couples are avoiding talking to each other by looking at their phones - but was it ever thus?
By The Week Staff Published
-
The arguments for and against universal chargers
Pros and Cons European Commission pushing to establish USB-C as standard for all phones
By The Week Published
-
How cybercriminals are hacking into the heart of the US economy
Speed Read Ransomware attacks have become a global epidemic, with more than $18.6bn paid in ransoms in 2020
By The Week Staff Last updated
-
Language-learning apps speak the right lingo for UK subscribers
Speed Read Locked-down Brits turn to online lessons as a new hobby and way to upskill
By Mike Starling Published
-
Brexit-hobbled Britain ‘still tech powerhouse of Europe’
Speed Read New research shows that UK start-ups have won more funding than France and Germany combined over past year
By Mike Starling Published
-
Playing Cupid during Covid: Tinder reveals Britain’s top chat-up lines of the year
Speed Read Prince Harry, Meghan Markle and Dominic Cummings among most talked-about celebs on the dating app
By Joe Evans Last updated