A server stored teenagers' Apple ID email addresses and plaintext passwords [...] At least one server used by an app for parents to monitor their teenagers' phone activity has leaked tens of thousands of accounts of both parents and children.
[...] the Los Angeles, Calif.-based company left its servers, hosted on Amazon's cloud, unprotected and accessible by anyone without a password.
[...] The database stores the parent's email address associated with TeenSafe, as well as their corresponding child's Apple ID email address. It also includes the child's device name -- which is often just their name -- and their device's unique identifier. The data contains the plaintext passwords for the child's Apple ID. Because the app requires that two-factor authentication is turned off, a malicious actor viewing this data only needs to use the credentials to break into the child's account to access their personal content data.
"Technology has brought with it a world your child might not be ready for," the company tells us in a video. "Begin a free trial today!"
TeenSafe home page (archives and more archives)
(Score: 4, Insightful) by Runaway1956 on Monday May 21 2018, @07:07PM (1 child)
People don't think about carrying their devices to the bathroom, the bedroom, or anywhere else. There are lots of images on those devices that CP lovers will drool over. But, let's just store the passwords in plaintext, 'cause it's easy. What could possibly go wrong?
Idiots, everywhere.
(Score: 0) by Anonymous Coward on Monday May 21 2018, @07:10PM
Somebody think of the children! Oh wait, Pedo Inc. just did...