Compromised 'TeenSafe' App Servers Exposed Thousands of Private Account Details

It was recently learned that servers of the mobile app TeenSafe have been compromised and, ultimately, exposing thousands of users’ private account details.

TeenSafe is widely known as a monitoring app marketed to parents as it allows them to virtually keep an eye on their children’s activities. The app gives parents the ability to remotely go through children’s call logs and messages, keep an eye on their web browsing history, watch what apps the kids have installed, and even track their location.

According to reports, the issue was first spotted by UK-based security researcher Robert Wiggins who found at least two breached servers. It allowed anyone to access the stored data without the need for an administrator-level authentication or even a password requirement.

The servers, before it was shut down, reportedly contained up to 10,200 data of TeenSafe users from the past three months. It contained the parents’ and children’s email addresses linked to their TeenSafe accounts, device names, and unique identification numbers. Also, as first reported by ZDNet, the children’s Apple ID usernames and passwords, which were stored in plaintext, have also been leaked.

When a data is stored in “plaintext,” it means that the information can be viewed just as how it was entered or saved by the users. In more simple words: without encryption and immediately readable.

After being informed of the issue, TeenSafe said in a statement: “We have taken action to close one of our servers to the public and begun alerting customers that could potentially be impacted.”

TeenSafe servers did not store other types of data from applications such as the users’ location and media files so these were spared from the breach. But since the children subscribed to TeenSafe are required to disable two-factor authentication, the compromised account details are enough for an online intruder to access more contents stored in their devices.