Over 10,000 Email Addresses and Passwords Revealed in TeenSafe Data Breach
TeenSafe, a mobile app that allows parents to view their children’s text messages, call log, web browsing history, location, and app list, stored this information to two unprotected servers on Amazon’s cloud, according to ZDNet.
Since the databases were not password protected, anyone could have accessed this information, which includes email addresses, plain text passwords, Apple IDs, device names, and device unique identifiers. Some of the email addresses were associated with high schools, which means anyone accessing the database could find out which school a teen was attending.
TeenSafe requires teens to turn off two-factor authentication on their devices, and TechCrunch says this leaves the children “more vulnerable to malicious actors.”
To confirm the information, ZDNet used iMessage to contact some of the parents listed on the database, who confirmed their email addresses and passwords. After ZDNet informed the company of the breach, they took the information offline. They also said they would begin notifying users who may have been affected.
While TeenSafe says over a million parents use their service, just over 10,000 records were included in this breach, many of which were duplicates.
Anyone who uses TeenSafe should change their username and password immediately. Users should also change the password associated with their Apple IDs since this information was included in the breach.
TeenSafe may face criticism from privacy advocates since parents do not need to ask their children’s permission to use the app.