Account information belonging to “tens of thousands” of TeenSafe accounts has reportedly been exposed online.
The cross-platform service allows parents to track the smartphone usage of their children, including their social media interactions, web history, call logs, installed apps, and real-time location. The Los Angeles-based company behind the service says more than a million parents currently use the service.
But a U.K.-based security researcher recently discovered that at least one of its servers has leaked numerous accounts belonging to parents and their children, ZDNet reported on Sunday.
The server in question had been left unprotected, meaning anyone with the know-how could access it. After informing TeenSafe of the issue, the company acted swiftly to fix it.
“We have taken action to close one of our servers to the public and begun alerting customers that could potentially be impacted,” a TeenSafe spokesperson told ZDNet. The company promised to offer further information as its investigation progresses.
Data in plaintext form
Particularly concerning, however, is the claim that the exposed data had been stored in plaintext form. This includes parents’ email addresses, as well as children’s Apple ID email addresses — some associated with their high schools — and associated passwords.
As noted by the news outlet, TeenSafe requires that two-factor authentication be turned off, so a hacker with the relevant data would have little trouble accessing an exposed Apple ID account.
It may offer little comfort to those affected, but none of the records on the leaky server included any location data linked to parents or children.
To confirm the authenticity of the data obtained by the security researcher, ZDNet used iMessage to contact 12 parents whose details showed up on the server. While not everyone responded, those who did confirmed that the emails and passwords shown on the database were in fact genuine.
If you use the service and are yet to hear from TeenSafe, you’ll be wise to change any associated passwords as a precautionary measure.
While services like TeenSafe may provide comfort for parents anxious about their children’s online behavior, they also face criticism from privacy advocates.
TeenSafe suggests that a child doesn’t even need to know that they’re bing monitored by a parent. “Every parent’s situation is unique and only a parent can decide whether to inform their teen of their intent to use the [service]” the company says on its website.
In light of this recent leak, parents who use the service secretly will now have to either tell their child, or find another way to get them to change their Apple ID password.