You’d imagine that an app designed to allow parents to keep tabs on their kids and their phone activity would take security pretty seriously, but that has apparently not stopped tens of thousands of login credentials for the TeenSafe service from being stolen.
The data breach, initially reported by ZDNet, relates to users of the app which is meant to allow the secure monitoring of both iOS and Android devices by parents, giving them access to call history, location data and more.
The data breach comes via a database which was stored on two servers hosted in Amazon’s Web Services environment with the database itself accessible without the need for a password. The discovery was made by a UK-based security researcher which specializes in public and exposed data, with the servers taken offline once ZDNet contacted the company behind TeenSafe and made them aware of the breach.
“We have taken action to close one of our servers to the public and begun alerting customers that could potentially be impacted,” said a TeenSafe spokesperson to ZDNet on Sunday.
There is some good news in the report that while there are over a million users registered by TeenSafe, “only” 10,200 were held in the database. That’s great if you are not one of those users, but if you are then it’s possible things like Apple ID of children, their device name and plain text passwords were compromised as a result of this breach.
As if it was attempting to make things worse, TeenSafe requires that two-factor authentication be disabled on accounts which it is being used to monitor, something that now leaves those accounts wide open. The company does say that it will continue to work on the situation with additional information being shared as and when available.
If you’re a TeenSafe user, we suggest resetting all your Apple ID passwords sooner rather than later.