TeenSafe phone monitoring app leaked thousands of passwordsData server leaked Apple IDs and passwords in plain text — and required two-factor authentication be disabled.
ZDNet reports that TeenSafe, an app that helps parents monitor their teenager's phone usage and boasts over a million users, had an online database server that leaked over 10,000 customer records in plain text. These records contain the parent's email address and unique device ID, but also hold the child's device name and ID as well as their Apple ID and its password. To top off this bad news, using the app required two-factor authentication be turned off so everything a malicious person needs to break into a child's Apple account is readily available.
A TeenSafe spokesperson told ZDNet they have started to alert affected parties:
We have taken action to close one of our servers to the public and begun alerting customers that could potentially be impacted.
Robert Wiggins, a UK-based security researcher who scours the web looking for public and exposed user data...
Source:
TeenSafe phone monitoring app leaked thousands of passwords
