- T.I. publicly apologizes to daughters after Kobe Bryant’s death Tuesday 8:46 PM
- ‘Squash the boss’: Labor union seemingly unknowingly posted furry fetish art Tuesday 8:04 PM
- TikTok user pretending to be lab technician who has contracted coronavirus Tuesday 7:08 PM
- Caroline Calloway says she plans to campaign for Bernie Sanders Tuesday 6:23 PM
- Justin Bieber, Snoop Dogg, millions of others sign petition to make Kobe Bryant new NBA logo Tuesday 5:39 PM
- No, Lana Del Rey did not cry because Billie Eilish won album of the year Tuesday 4:48 PM
- People are exposing their eyeballs to phone flash for this TikTok challenge Tuesday 3:55 PM
- Watch Mike Bloomberg try to shake a dog’s mouth Tuesday 3:41 PM
- ‘Rey who?’ is the funniest meme to emerge from ‘The Rise of Skywalker’ Tuesday 3:30 PM
- AI beat the CDC to the punch on coronavirus warnings Tuesday 3:21 PM
- What exactly is a ‘large boulder the size of a small boulder’? Tuesday 2:49 PM
- Mom of ‘Success Kid’ says Steve King can’t use her son’s meme for ‘repulsive’ campaign Tuesday 2:00 PM
- Jake Paul can’t escape Logan Paul’s shadow—even if that loyalty has hurt his career Tuesday 1:13 PM
- Kobe Bryant’s Oscar-winning ‘Dear Basketball’ is now available to stream for free (updated) Tuesday 12:21 PM
- ‘Joker’ ad compares Todd Phillips to Gandhi Tuesday 12:10 PM
A service designed to help parents monitor their children’s smartphones leaked tens of thousands of passwords and user IDs.
First reported by ZDNet on Sunday, the mobile app TeenSafe left the door to one of its servers open to anyone without a password, giving them free entry to personal data, including Apple login credentials. Since the app requires two-factor authentication to be turned off, anyone who gained access to the information could remotely break into a child’s account.
TeenSafe allows parents to monitor the smartphone of their teenage child and gain access to text messages, web browsing history, social media posts, call logs, app usage, location, and a range of other information. Part of the setup process asks parents to access their child’s phone and disable a host of security settings, like only downloading official apps and updating apps automatically.
Controversial teen-monitoring apps have been criticized as invasive spying tools that breach trust between parents and their children. In 2015, the Australian police warned parents against using TeenSafe, which doesn’t require a child’s consent. Research from the University of Florida suggests parental control apps have a negative impact on parent-child relationships and are even ineffective at protecting kids from the dangers of the internet.
Teensafe is now under the spotlight again after Robert Wiggins, a U.K.-based security researcher, found two servers leaking user information, one of which hosted test data. The databases stored parent’s and children’s email addresses as well as the child’s device name (which is usually the child’s name) and its unique identifier. Most alarmingly, sign-in credentials for their Apple accounts were included in the leak. Fortunately, none of the servers contained photos, messages, or location data.
TeenSafe says more than a million parents use the service. Roughly 10,200 records from the past three months were compromised in the leak, though some appear to have been duplicates, according to ZDNet. It is unclear whether other servers are also out in the open.
Teensafe said it pulled its servers offline once ZDNet alerted it of the data vulnerability.
“We have taken action to close one of our servers to the public and begun alerting customers that could potentially be impacted,” a TeenSafe spokesperson said.
What the spokesperson didn’t mention is why the leaked information was stored in plaintext despite claims on Teensage’s website that say it uses end-to-end encryption. We have reached out to TeenSafe and will update this article if we hear back.
Phillip Tracy is a former technology staff writer at the Daily Dot. He's an expert on smartphones, social media trends, and gadgets. He previously reported on IoT and telecom for RCR Wireless News and contributed to NewBay Media magazine. He now writes for Laptop magazine.