Skip to main content

Plaintext Apple ID passwords included in teen phone monitoring app’s data breach

According to a new report from ZDNet, a popular app used by parents to monitor their teens has suffered a data breach. The app, TeenSafe, touts that it’s a “secure” monitor app for iOS that allows parents to monitor text messages, location, calling history, web history, and more.

Included in the data breach, the report says, was a list of plaintext Apple ID passwords…

According to the report, TeenSafe left its servers – which are hosted on Amazon’s Web Services platform, unprotected. Thus, anyone could access the information without a password. After ZDNet notified the company of the glaring security lapse, it pulled the servers offline.

“We have taken action to close one of our servers to the public and begun alerting customers that could potentially be impacted,” said a TeenSafe spokesperson told ZDNet on Sunday.

Included in the TeenSafe servers was a list of the parent’s email addresses, as well as their child’s Apple ID email address. Furthermore, it included their device’s unique device identifier, and most importantly, plaintext passwords for the child’s Apple ID.

Making matters even more shocking, TeenSafe requires that the child’s Apple ID account have two-factor authentication turned off. This is so the parent can monitor their child’s activity without having to gain direct consent.

None of the accessible records included location data, photos, or messages. The company claims to have over 1 million parents using the service, though the servers housed “at least 10,200 records from the past three months.”

Shortly before the server went offline, there were at least 10,200 records from the past three months containing customers data — but some are duplicates. One of the servers appeared to store test data, but it’s not known if there are other exposed servers with additional data.

Questions have been raised about TeenSafe’s legitimacy in the past, primarily due to the sheer amount of data the app collects. Furthermore, teen monitoring apps such as TeenSafe have been labeled as intrusive and an invasion of the child’s privacy.

At this point, TeenSafe hasn’t expanded too much on the breadth of the breach, though says it has started informing affected users.


Subscribe to 9to5Mac on YouTube for more Apple news:

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Chance Miller Chance Miller

Chance is the editor-in-chief of 9to5Mac, overseeing the entire site’s operations. He also hosts the 9to5Mac Daily and 9to5Mac Happy Hour podcasts.

You can send tips, questions, and typos to chance@9to5mac.com.

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications