Thousands of parent and child accounts in TeenSafe, a device monitoring app for teenagers, have had their information compromised, according to a report from ZDNet . At least one of the application's servers, which are hosted on Amazon's cloud service, was accessible to anyone without a password, which allowed them to access highly personal data, including Apple IDs. According to reports, the data, including passwords and user IDs, were stored in plain text, although TeenSafe states that its website uses encryption to protect the user's data.
The TeenSafe app allows parents to access their children's web browser history, text messages (including SMS and iMessages and deleted messages on WhatsApp and Kik), call logs, device location and allows them to see which apps of third parties have been installed.
ZDNet notes that UK security researcher Robert Wiggins discovered that two servers had been undermined, although only one seems to harbor test data. "We have taken steps to close one of our servers to the public and have begun to alert customers who might be affected," said a TeenSafe spokesperson ZDNet.