- How to watch ‘Dancing with the Stars’ season 28 1 Year Ago
- Watch the new ‘Jurassic World’ short film ‘Battle at Big Rock’ 1 Year Ago
- Who is Corn Pop? Here are all the theories about the gang leader from Joe Biden’s past Sunday 4:37 PM
- Fresh sexual misconduct allegations against Kavanaugh spur calls for impeachment Sunday 3:28 PM
- Mike Pence says a Triple Crown-winning racehorse bit him Sunday 12:51 PM
- Disney CEO Bob Iger leaves Apple board amid streaming wars Sunday 12:01 PM
- Influencer Destiny Marquez faces backlash for berating Forever 21 employee Sunday 10:32 AM
- Chelsea Handler tackles system racism in ‘Hello Privilege. It’s Me, Chelsea’ Sunday 9:18 AM
- Gun control proposal: Trump, lawmakers considering background check-conducting app Sunday 9:05 AM
- How to stream Browns vs. Jets on Monday Night Football Sunday 7:00 AM
- What are anons? Sunday 6:30 AM
- How to stream Eagles vs. Falcons on Sunday Night Football Sunday 6:00 AM
- How to stream ‘Power’ season 6, episode 4 Sunday 5:00 AM
- How to stream WWE’s Clash of Champions 2019 Saturday 8:00 PM
- How ‘F*ck off Scotland’ became a Scottish rallying cry amid Brexit madness Saturday 6:28 PM
A service designed to help parents monitor their children’s smartphones leaked tens of thousands of passwords and user IDs.
First reported by ZDNet on Sunday, the mobile app TeenSafe left the door to one of its servers open to anyone without a password, giving them free entry to personal data, including Apple login credentials. Since the app requires two-factor authentication to be turned off, anyone who gained access to the information could remotely break into a child’s account.
TeenSafe allows parents to monitor the smartphone of their teenage child and gain access to text messages, web browsing history, social media posts, call logs, app usage, location, and a range of other information. Part of the setup process asks parents to access their child’s phone and disable a host of security settings, like only downloading official apps and updating apps automatically.
Controversial teen-monitoring apps have been criticized as invasive spying tools that breach trust between parents and their children. In 2015, the Australian police warned parents against using TeenSafe, which doesn’t require a child’s consent. Research from the University of Florida suggests parental control apps have a negative impact on parent-child relationships and are even ineffective at protecting kids from the dangers of the internet.
Teensafe is now under the spotlight again after Robert Wiggins, a U.K.-based security researcher, found two servers leaking user information, one of which hosted test data. The databases stored parent’s and children’s email addresses as well as the child’s device name (which is usually the child’s name) and its unique identifier. Most alarmingly, sign-in credentials for their Apple accounts were included in the leak. Fortunately, none of the servers contained photos, messages, or location data.
TeenSafe says more than a million parents use the service. Roughly 10,200 records from the past three months were compromised in the leak, though some appear to have been duplicates, according to ZDNet. It is unclear whether other servers are also out in the open.
Teensafe said it pulled its servers offline once ZDNet alerted it of the data vulnerability.
“We have taken action to close one of our servers to the public and begun alerting customers that could potentially be impacted,” a TeenSafe spokesperson said.
What the spokesperson didn’t mention is why the leaked information was stored in plaintext despite claims on Teensage’s website that say it uses end-to-end encryption. We have reached out to TeenSafe and will update this article if we hear back.
Phillip Tracy is a former technology staff writer at the Daily Dot. He's an expert on smartphones, social media trends, and gadgets. He previously reported on IoT and telecom for RCR Wireless News and contributed to NewBay Media magazine. He now writes for Laptop magazine.