Stories
Slash Boxes
Comments

SoylentNews is people

Users of Child Surveillance App TeenSafe Suffer Data Breach

posted by janrinok on Monday May 21 2018, @06:43PM   Printer-friendly
from the designed-to-keep-them-safe dept.

An Anonymous Coward writes:

ZDNet reports

A server stored teenagers' Apple ID email addresses and plaintext passwords [...] At least one server used by an app for parents to monitor their teenagers' phone activity has leaked tens of thousands of accounts of both parents and children.

[...] the Los Angeles, Calif.-based company left its servers, hosted on Amazon's cloud, unprotected and accessible by anyone without a password.

[...] The database stores the parent's email address associated with TeenSafe, as well as their corresponding child's Apple ID email address. It also includes the child's device name -- which is often just their name -- and their device's unique identifier. The data contains the plaintext passwords for the child's Apple ID. Because the app requires that two-factor authentication is turned off, a malicious actor viewing this data only needs to use the credentials to break into the child's account to access their personal content data.

"Technology has brought with it a world your child might not be ready for," the company tells us in a video. "Begin a free trial today!"

TeenSafe home page (archives and more archives)

Original Submission

 
This discussion has been archived. No new comments can be posted.
Users of Child Surveillance App TeenSafe Suffer Data Breach | Log In/Create an Account | Top | 16 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 5, Interesting) by Mykl on Monday May 21 2018, @11:22PM (3 children)

    by Mykl (1112) on Monday May 21 2018, @11:22PM (#682445)

    I am pretty surprised that this service was able to convince users to hand over the passwords to their kids' iTunes accounts in the first place. Considering how much of a treasure trove of information that is, it seems to be pretty poor security to entrust another organisation with this password under _any_ circumstances.

    Then - to store that password in plaintext in an unsecured cloud-based server - words fail me.

    If I were Apple, I'd be locking each and every one of these accounts and sending a notification to the parent account to advise that they can't unlock it until the users re-confirm their acceptance of the ToC clause which says that they can't share their password with anyone else. Actually, I'd really like to just cancel each account, including parent accounts, but I know that will never happen.

    Starting Score:    1  point
    Moderation   +3  
       Insightful=1, Interesting=2, Total=3
    Extra 'Interesting' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   5  

  • (Score: 0) by Anonymous Coward on Tuesday May 22 2018, @12:56AM (2 children)

    by Anonymous Coward on Tuesday May 22 2018, @12:56AM (#682479)

    I am pretty surprised that this service was able to convince users to hand over the passwords to their kids' iTunes accounts in the first place.

    I'm a parent using an app to spy on my kid. Obviously I'm not thinking clearly so why would I question giving away my kid's password?

    • (Score: 0) by Anonymous Coward on Tuesday May 22 2018, @01:48AM (1 child)

      by Anonymous Coward on Tuesday May 22 2018, @01:48AM (#682492)
      Some parents are afraid of their child starting drugs. What is some stupid rule compared to that?

      • (Score: 0) by Anonymous Coward on Tuesday May 22 2018, @09:15AM

        by Anonymous Coward on Tuesday May 22 2018, @09:15AM (#682576)

        If you're afraid that your child may start using drugs then you need more hands-on parenting. Monitoring their cell phone use is not going to prevent them from trying or using drugs.