New ‘TeenSafe’ app data breach reveals thousands of Apple IDs and passwords in plaintext

kid on iPad

TeenSafe, a mobile app that allows parents to monitor their kids’ phone usage has suffered a massive data breach. Unfortunately, at least one server used by the app has leaked tens of thousands of accounts of both parents and children, according to ZDNet, in an exclusive report. In this article, you’ll learn more about the type of data compromised and what you can do about it. 

The app, once available for both iOS and Android, allows parents to look at their children’s text messages and location, who they’ve called and when, and more. Called “secure” by its developers, TeenSafe claims to have over a million parents using the service.


The TeenSafe data breach

The Los Angeles-based company left two servers, both hosted on Amazon’s cloud, without protection and easily accessible without a password. Both devices were taken offline on Sunday, May 20 following the ZDNet report. One of the servers only contained test information.

Through a spokesperson, Teensafe explains, “We have taken action to close one of our servers to the public and begun alerting customers that could potentially be impacted.”

According to the report:

The database stores the parent’s email address associated with TeenSafe, as well as their corresponding child’s Apple ID email address. It also includes the child’s device name — which is often just their name — and their device’s unique identifier. The data contains the plaintext passwords for the child’s Apple ID. Because the app requires that two-factor authentication is turned off, a malicious actor viewing this data only needs to use the credentials to break into the child’s account to access their personal content data.

The unsecured data didn’t include content, such as photos or messages, nor did it provide the locations of either parents or children. In total, 10,200 records went unprotected, although some of these were duplicates.

TeenSafe claims it’s still looking into this situation and “will provide additional information” when it becomes available. If you’re a TeenSafe user, your best bet is to change the passwords on your account or contact the company for more information.

This isn’t the first time iOS users had to deal with a data breach this year. Back in March, Under Armour announced that its popular diet tracking app MyFitnessPal had been hacked. It involved the usernames, email addresses and [hashed] passwords of some 150 million user accounts.

Was your data possibly unprotected by TeenSafe? Let us know below.

Image: ZDNet