Parent and Teen Data Leaked from Monitoring App

A security researcher discovered two leaky servers of a California-based company, TeenSafe, which left the email addresses and passwords of parents and teens unprotected. According to ZDNet at least one of the servers used by the TeenSafe app leaked data from tens of thousands of accounts. TeenSafe is an app, available for both iOS and Android, for parents who wish to monitor the texts, calls, locations and even the social media exchanges of their teens. The parents enter their email addresses and those of their teenagers. The database stores not only the email and password information but also the child’s device name and the device’s unique identifier, as reported by ZDNet. “Because the app requires that two-factor authentication is turned off, a malicious actor viewing this data only needs to use the credentials to break into the child's account to access their personal content data,” ZDNet wrote. UK-based security researcher Robert Wiggins found the issue with one server containing production data – live customer information – while the second server stored test data. In a tweet to Infosecurity Magazine, Wiggins said, “It appeared to be intercepting the phone’s requests to iCloud for FindMyPhone and other bits related to iCloud.”