An app meant to let parents monitor the phone activity of teenagers was saving the latter's Apple ID passwords in unprotected plaintext form, a report revealed on Sunday.
The information collected by TeenSafe was hosted on Amazon servers, and also included device identifiers and the email addresses of parents, ZDNet said, crediting the discovery to U.K. researcher Robert Wiggins. Those servers have been temporarily pulled offline, and a TeenSafe representative stated that the company has begun notifying anyone who might be impacted.
At least 10,200 records from the past three months contained customer data, though some were duplicates.
TeenSafe markets itself as a secure, encrypted way for parents to track call, Web, and location histories, as well as read text messages, even deleted ones.
Using the app to track a teen's iPhone requires that they have two-factor authentication turned off, though, which means that any hacker who discovered the plaintext passwords could hijack a teen's Apple ID and view private content.
It's not known if any malicious attacks have been launched, but some of the affected customers had already changed their account data prior to being alerted.
26 Comments
What a stupid company, I am assuming they were charging for this service.
This is sloppy, irresponsible work. There should be consequences when companies put their user’s private info like this out for the world to see.
What? Fukien idiots!
Why pay for this crap? Just use Find My Friend
I use it so I know when Mrs Rayz2016 is approaching the house. Gives me plenty of time to clear up the liquor bottles and start mowing the lawn.