TeenSafe Phone Monitoring App Leaks Thousands of Kid’s Email Addresses and Passwords

TeenSafe, a service which promises parents secure monitoring of their children’s smartphone activity, has leaked thousands of Apple IDs and the plain text passwords of accounts.

That’s according to a new report from ZDNet, which explains that the cross-platform service allows parents to track the smartphone usage of their children, including their social media interactions, web history, call logs, installed apps, and real-time location. The Los Angeles-based company behind the service says more than a million parents currently use the service.

Although teen monitoring apps are controversial and privacy-invasive, the company says it doesn’t require parents to obtain the consent of their children. But the Los Angeles, California-based company left its servers, hosted on Amazon‘s cloud, unprotected and accessible by anyone without a password.

At least one of the app’s servers was accessible by anyone without a password, giving them entry to highly personal data, including Apple IDs. The data, including passwords and user IDs, were reportedly stored in plaintext, even though TeenSafe claims on its website it uses encryption to protect user data.

TeenSafe has since closed one of the servers to the public after being alerted by ZDNet and has announced that it has begun alerting customers that could potentially be affected by the breach.

“We have taken action to close one of our servers to the public and begun alerting customers that could potentially be impacted,” said a TeenSafe spokesperson.

It’s important to note that one should never provide one’s Apple ID information to a third-party application like TeenSafe, which is currently not available in Canada.

It remains unclear if the app has any other such unprotected servers containing additional data. TeenSafe claims to have over a million parents using the service and if there are any more such servers all of the users could in turn be affected by a data breach.