• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • March 8th, 2021
  • Home
  • Advertise
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
Home
Hacking News
Leaks

Teen monitoring app exposes plaintext Apple ID passwords of its users

May 24th, 2018 Uzair Amir Security, Leaks, Privacy 0 comments
Teen monitoring app exposes plaintext Apple ID passwords of its users
Share on FacebookShare on Twitter

A popular teen monitoring app has become a victim of a data breach in which plaintext Apple ID passwords are believed to have been compromised.

Dubbed as TeenSafe, the app is very popular among parents with over a million subscribers. It is popular because parents can track the whereabouts of their teens. It is advertised as a safe teen monitoring app designed for iOS devices.

By using this app, parents can check on their kids by monitoring their location, web history, call history and text messages. Basically, they can learn what their teens are doing with their phones.

The reason behind the data breach, as reported by ZDNet, was the use of unprotected Amazon Web Services (AWS). The servers of the app were hosted on AWS platform and since it was unprotected, anyone was capable of accessing the information, that too, without entering a password.

The unprotected servers were discovered by security researcher Robert Wiggins. When he notified TeenSafe, the company did take the servers offline but it was indeed a huge security lapse on their part.

Apparently, over 10,000 records from the past three months were exposed due to the breach. The servers stored a list of email addresses of the subscriber parents and the Apple ID email address of their children. Moreover, the servers stored the unique device identifier numbers of the registered devices apart from child’s Apple ID passwords in plaintext format.

TeenSafe is now notifying the customers who might have been affected by the data breach, stated a spokesperson for the company.

“We have taken action to close one of our servers to the public and begun alerting customers that could potentially be impacted,” the spokesperson told ZDNet on Sunday.

Parents can monitor all sorts of data on this app from sent/received text messages from both Apple iMessage and Android platforms to checking messages on WhatsApp and Kik Messenger.

What’s even more alarming is the fact that TeenSafe requires parents to disable two-factor authentication on their Child’s Apple ID in order to keep monitoring their child’s activities without needing direct permission. But one relieving aspect is that the records didn’t include photos.

The company claims to be storing a minimum of 10,200 customer records from the last three months but this is an exaggerated figure as some of the records were duplicated.

“The database stores the parent’s email address associated with TeenSafe, as well as their corresponding child’s Apple ID email address. It also includes the child’s device name — which is often just their name— and their device’s unique identifier. The data contains the plaintext passwords for the child’s Apple ID,” wrote ZDNet.

TeenSafe was previously in news for collecting huge amounts of data and for invading child’s privacy and now it is receiving severe backlash from security experts for failing to protect sensitive customer records. 

If you have ever used TeenSafe, keep an eye on your account and login credentials associated with it.

Image credit: Depositphotos

  • Tags
  • Amazon
  • Apple
  • AWS
  • ICLOUD
  • internet
  • Monitoring
  • Privacy
  • security
  • Spying
  • Surveillance
  • Technology
  • TeenSafe
Facebook Twitter LinkedIn Pinterest
Previous article Data of millions of Japanese sold on underground hacking forums
Next article FBI seizes VPNFilter botnet domain that infected 500,000 routers
Uzair Amir

Uzair Amir

I am an Electronic Engineer, an Android Game Developer and a Tech writer. I am into music, snooker and my life motto is 'Do my best, so that I can't blame myself for anything.'

Related Posts
Microsoft, FireEye report 3 new malware linked to SolarWinds hackers

Microsoft, FireEye report 3 new malware linked to SolarWinds hackers

Threat actors hijacking Bitbucket and Docker Hub for Monero mining

Threat actors hijacking Bitbucket and Docker Hub for Monero mining

IT Security firm Qualys extorted by Clop gang after data breach

IT Security firm Qualys extorted by Clop gang after data breach

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

Latest Posts
John McAfee Charged with Fraud in Cryptocurrency Scam
Cyber Crime

John McAfee Charged with Fraud in Cryptocurrency Scam

U.S. DOJ warns of fake unemployment benefit websites stealing data
Cyber Crime

U.S. DOJ warns of fake unemployment benefit websites stealing data

Microsoft, FireEye report 3 new malware linked to SolarWinds hackers
Cyber Attacks

Microsoft, FireEye report 3 new malware linked to SolarWinds hackers

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us