Teen tracking app leaks ‘thousands’ of user passwords
Personal data of parents and children were stored in plain-text form on a ‘leaky server’
TeenSafe, an app that lets parents monitor the location of their children, has leaked the account and password details for “tens of thousands” of its users.
The security breach was uncovered by Robert Wiggins, a UK-based security researcher who searches for public and exposed data. He found two “unprotected” Amazon-hosted computer servers that were being used by the Los Angeles-based company behind the app, ZDNet reports.
One of the servers stored the email addresses and Apple ID information of users, while the other appeared to contain “only test data”, according to the news tech site. TeenSafe took both servers offline after being informed about the leak.
A TeenSafe spokesperson told ZDNet: “we have taken action to close one of our servers to the public and begun alerting customers that could potentially be impacted.”
Speaking to the BBC, Wiggins said TeenSafe had not employed “basic security measures” on the affected computer servers.
The app, available for iPhone and Android mobiles, uses tracking software that can be “downloaded by parents onto their child’s smartphone”, The Daily Telegraph says.
Once installed, parents can use the software to monitor their children’ location, text messages and calls, as well as access their internet browsing history.
What is “particularly concerning” about the leak is that the data had been stored in “plain-text form”, which was not protected by any form of encryption or firewall, says Digital Trends.
This means hackers would have “little trouble accessing an exposed Apple ID account”, as they could simply copy the login details from the “leaky server”, the site says.
The TeenSafe data breach is far from the first of its kind.
Companies including Facebook, Delta Airlines and the travel booking website Orbitz have been hit by leaks in recent months, reports The Verge.