- 7 best sites for psychic love readings 1 Year Ago
- Driver demonstrates why you always need to read road signs 1 Year Ago
- Area 51 remix video proves it’s the summer of Lil Nas X Today 12:26 PM
- ‘ICE will come’: Convenience store clerk threatens customers speaking Spanish Today 12:11 PM
- Rand Paul dodges questions about 9/11 Victims Fund, says ‘watch Fox News’ Today 11:51 AM
- Report: ‘Stranger Things’ season 4 to begin shooting in October Today 11:03 AM
- AT&T paid Michael Cohen to consult on net neutrality, FBI documents show Today 9:10 AM
- Mysterio’s ruse changes on a second viewing of ‘Far From Home’ Today 9:06 AM
- Twitter overturns Barrett Brown’s third permanent suspension Today 8:49 AM
- How to live stream Liga MX Today 7:56 AM
- The QBaby’s parents are already trying to profit off their kid’s fame Today 7:45 AM
- How do 4DX movies work? Today 7:00 AM
- ‘Terminator 2’s John Connor will return for ‘Terminator: Dark Fate’ Today 6:41 AM
- What are all these ‘Game of Thrones’ fans supposed to do now? Today 6:00 AM
- The new ‘Cats’ trailer is here to make you want to claw your eyes out Thursday 7:59 PM
The ‘encrypted’ data was somehow stored in plaintext.
A service designed to help parents monitor their children’s smartphones leaked tens of thousands of passwords and user IDs.
First reported by ZDNet on Sunday, the mobile app TeenSafe left the door to one of its servers open to anyone without a password, giving them free entry to personal data, including Apple login credentials. Since the app requires two-factor authentication to be turned off, anyone who gained access to the information could remotely break into a child’s account.
TeenSafe allows parents to monitor the smartphone of their teenage child and gain access to text messages, web browsing history, social media posts, call logs, app usage, location, and a range of other information. Part of the setup process asks parents to access their child’s phone and disable a host of security settings, like only downloading official apps and updating apps automatically.
Controversial teen-monitoring apps have been criticized as invasive spying tools that breach trust between parents and their children. In 2015, the Australian police warned parents against using TeenSafe, which doesn’t require a child’s consent. Research from the University of Florida suggests parental control apps have a negative impact on parent-child relationships and are even ineffective at protecting kids from the dangers of the internet.
Teensafe is now under the spotlight again after Robert Wiggins, a U.K.-based security researcher, found two servers leaking user information, one of which hosted test data. The databases stored parent’s and children’s email addresses as well as the child’s device name (which is usually the child’s name) and its unique identifier. Most alarmingly, sign-in credentials for their Apple accounts were included in the leak. Fortunately, none of the servers contained photos, messages, or location data.
TeenSafe says more than a million parents use the service. Roughly 10,200 records from the past three months were compromised in the leak, though some appear to have been duplicates, according to ZDNet. It is unclear whether other servers are also out in the open.
Teensafe said it pulled its servers offline once ZDNet alerted it of the data vulnerability.
“We have taken action to close one of our servers to the public and begun alerting customers that could potentially be impacted,” a TeenSafe spokesperson said.
What the spokesperson didn’t mention is why the leaked information was stored in plaintext despite claims on Teensage’s website that say it uses end-to-end encryption. We have reached out to TeenSafe and will update this article if we hear back.
Phillip Tracy is a former technology staff writer at the Daily Dot. He's an expert on smartphones, social media trends, and gadgets. He previously reported on IoT and telecom for RCR Wireless News and contributed to NewBay Media magazine. He now writes for Laptop magazine.