UK-based security researcher Robert Wiggins has found two exposed TeenSafe servers, leaking the passwords and information of some users of the monitoring service.
TeenSafe is meant to protect teenagers by letting their parents monitor their texts, phone calls, web history, location, and app downloads. The breach was first reported by ZDNet.
According to the report, TeenSafe left two of their servers, which were hosted on AWS, exposed and viewable by anyone. Moreover, the database included information such as the parent’s email address, child’s Apple ID email address, device name, device unique identifier, and plaintext passwords for the teenager’s Apple ID.
So… just about everything.
TeenSafe requires that teenagers abstain from using two-factor authentication so that parents can keep an eye on their activity, making those teenagers even more vulnerable to malicious actors now that their personal information has been exposed.
TeenSafe claims on its website that it encrypts data so..