- Daniel Caesar dons cape for whiteness—and gets canceled Wednesday 4:29 PM
- Triton is a new malware ‘deliberately’ designed to put lives at risk Wednesday 3:23 PM
- ‘Into the Dark: I’m Just F*cking with You’ is one of the series’ best Wednesday 1:54 PM
- Trump’s latest prop, a map of ISIS, gets memed Wednesday 12:54 PM
- HBO sends fans on a global scavenger hunt for 6 Iron Thrones Wednesday 11:51 AM
- The Awkward Family Photos game is Cards Against Humanity for meme lovers Wednesday 11:50 AM
- London firefighters’ organization accuses ‘Peppa Pig’ of sexism Wednesday 11:41 AM
- YouTuber accused of abusing her children to make kid-friendly content Wednesday 11:20 AM
- Ari Fleischer’s Iraq War tweet isn’t going over well Wednesday 10:54 AM
- Cop arrested for recording man’s genitals, forcing mentally ill man to twerk Wednesday 10:37 AM
- MoviePass rebrands its unlimited plan, again Wednesday 10:37 AM
- Former Alaska senator launches meme-filled 2020 primary campaign Wednesday 10:17 AM
- The Shane Dawson cat controversy has resulted in these sex memes Wednesday 10:06 AM
- Sarah Sanders mocks CNN reporter with ‘dear diary’ tweet Wednesday 9:03 AM
- Know what you’re signing up for thanks to these dating site reviews Wednesday 8:58 AM
The ‘encrypted’ data was somehow stored in plaintext.
A service designed to help parents monitor their children’s smartphones leaked tens of thousands of passwords and user IDs.
First reported by ZDNet on Sunday, the mobile app TeenSafe left the door to one of its servers open to anyone without a password, giving them free entry to personal data, including Apple login credentials. Since the app requires two-factor authentication to be turned off, anyone who gained access to the information could remotely break into a child’s account.
TeenSafe allows parents to monitor the smartphone of their teenage child and gain access to text messages, web browsing history, social media posts, call logs, app usage, location, and a range of other information. Part of the setup process asks parents to access their child’s phone and disable a host of security settings, like only downloading official apps and updating apps automatically.
Controversial teen-monitoring apps have been criticized as invasive spying tools that breach trust between parents and their children. In 2015, the Australian police warned parents against using TeenSafe, which doesn’t require a child’s consent. Research from the University of Florida suggests parental control apps have a negative impact on parent-child relationships and are even ineffective at protecting kids from the dangers of the internet.
Teensafe is now under the spotlight again after Robert Wiggins, a U.K.-based security researcher, found two servers leaking user information, one of which hosted test data. The databases stored parent’s and children’s email addresses as well as the child’s device name (which is usually the child’s name) and its unique identifier. Most alarmingly, sign-in credentials for their Apple accounts were included in the leak. Fortunately, none of the servers contained photos, messages, or location data.
TeenSafe says more than a million parents use the service. Roughly 10,200 records from the past three months were compromised in the leak, though some appear to have been duplicates, according to ZDNet. It is unclear whether other servers are also out in the open.
Teensafe said it pulled its servers offline once ZDNet alerted it of the data vulnerability.
“We have taken action to close one of our servers to the public and begun alerting customers that could potentially be impacted,” a TeenSafe spokesperson said.
What the spokesperson didn’t mention is why the leaked information was stored in plaintext despite claims on Teensage’s website that say it uses end-to-end encryption. We have reached out to TeenSafe and will update this article if we hear back.
Phillip Tracy is a former technology staff writer at the Daily Dot. He's an expert on smartphones, social media trends, and gadgets. He previously reported on IoT and telecom for RCR Wireless News and contributed to NewBay Media magazine. He now writes for Laptop magazine.