TeenSafe Leaks thousands of Apple IDs account logins

5
Found 21st May
Not good news for users of the service

TeenSafe, the apps which allows parents to check their kids messages, calls, and search history on iOS and android, have found that the servers used, hosted by Amazon Web Services cloud platform, were left unprotected, giving anyone access to the app user database without the need for a password.

2942757-F9BUT.jpg(via Google News, originally sourced from ZDNet)

“We have taken action to close one of our servers to the public and begun alerting customers that could potentially be impacted,” a TeenSafe spokesperson told ZDNet over the weekend.

First discovered by UK-based security researcher Robert Wiggins, the data breach includes email addresses of parents with TeenSafe accounts, alongside Apple IDs and passwords – stored in plaintext – of the children.


The server also stored the names and the unique identification numbers (IMEI) for each device. However, no app content (such as photos or messages) was stored on the servers.

Ironically, for the app to work, TeenSafe requires two-factor authentication to be disabled — meaning anyone with ill intentions can access those Apple ID accounts with just the login credentials easily available from the leaky servers.

Although the offending servers have been shut down, there were reportedly “at least 10,200 records from the past three months containing customers data – but some are duplicates” stored on the server.

In light of this recent leak, parents who use the service secretly will now have to either tell their child, or find another way to get them to change their Apple ID password.
Community Updates
Misc
5 Comments
Avatar
deleted396333
lol
TeenUnsafe
That sounds just an embarrassing level of security, not even tried doing basic steps such as hashing passwords
this is insane!

I like the news report btw
#HotUKNews
joey13526 h, 5 m ago

That sounds just an embarrassing level of security, not even tried doing …That sounds just an embarrassing level of security, not even tried doing basic steps such as hashing passwords


I'm guessing that the service relies on logging into iCloud itself, so hashing passwords wouldn't help them
Post a comment
Avatar
@
    Text

    Top Discussions

    Top Merchants