Privacy and security concerns have been a recurring topic of discussion as of late, with one major example revolving around the events behind Twitter recently warning all of its users to change their passwords.
However, a much more serious case seems to have occurred now as TeenSafe, an Android and iOS app that lets parents monitor their children's activity, such as messages, calls, and browsing history, has leaked user information of thousands of parents and children alike.
The company stored the information on an unprotected Amazon server, allowing anyone to access it even without a password. Another server was also exposed, but as reported by ZDNet it apparently only contains test data, though this is unconfirmed. The leak was found by security researcher Robert Wiggins.
The user data contained in the server includes the parent's e-mail and the corresponding child's Apple ID e-mail, the child's device name and its unique identifier, and even the child's Apple ID password. This is particularly concerning because the app requires two-factor authentication to be disabled, which means anyone who saw this data could access the child's account.
No actual content, such as photos or text messages, was leaked, but as both e-mails and passwords of children were leaked, some of this content could still be accessible to third-parties.
Child monitoring is pretty controversial in itself, but episodes like this make matters all the more serious. TeenSafe has since taken the exposed server offline and says it has started notifying users that might have been impacted.
Source: ZDNet via TrustedReviews
19 Comments - Add comment