A server stored teenagers' Apple ID email addresses and plaintext passwords [...] At least one server used by an app for parents to monitor their teenagers' phone activity has leaked tens of thousands of accounts of both parents and children.
[...] the Los Angeles, Calif.-based company left its servers, hosted on Amazon's cloud, unprotected and accessible by anyone without a password.
[...] The database stores the parent's email address associated with TeenSafe, as well as their corresponding child's Apple ID email address. It also includes the child's device name -- which is often just their name -- and their device's unique identifier. The data contains the plaintext passwords for the child's Apple ID. Because the app requires that two-factor authentication is turned off, a malicious actor viewing this data only needs to use the credentials to break into the child's account to access their personal content data.
"Technology has brought with it a world your child might not be ready for," the company tells us in a video. "Begin a free trial today!"
TeenSafe home page (archives and more archives)
(Score: 5, Interesting) by Mykl on Monday May 21 2018, @11:22PM (3 children)
I am pretty surprised that this service was able to convince users to hand over the passwords to their kids' iTunes accounts in the first place. Considering how much of a treasure trove of information that is, it seems to be pretty poor security to entrust another organisation with this password under _any_ circumstances.
Then - to store that password in plaintext in an unsecured cloud-based server - words fail me.
If I were Apple, I'd be locking each and every one of these accounts and sending a notification to the parent account to advise that they can't unlock it until the users re-confirm their acceptance of the ToC clause which says that they can't share their password with anyone else. Actually, I'd really like to just cancel each account, including parent accounts, but I know that will never happen.
(Score: 0) by Anonymous Coward on Tuesday May 22 2018, @12:56AM (2 children)
I'm a parent using an app to spy on my kid. Obviously I'm not thinking clearly so why would I question giving away my kid's password?
(Score: 0) by Anonymous Coward on Tuesday May 22 2018, @01:48AM (1 child)
(Score: 0) by Anonymous Coward on Tuesday May 22 2018, @09:15AM
If you're afraid that your child may start using drugs then you need more hands-on parenting. Monitoring their cell phone use is not going to prevent them from trying or using drugs.