A server stored teenagers' Apple ID email addresses and plaintext passwords [...] At least one server used by an app for parents to monitor their teenagers' phone activity has leaked tens of thousands of accounts of both parents and children.
[...] the Los Angeles, Calif.-based company left its servers, hosted on Amazon's cloud, unprotected and accessible by anyone without a password.
[...] The database stores the parent's email address associated with TeenSafe, as well as their corresponding child's Apple ID email address. It also includes the child's device name -- which is often just their name -- and their device's unique identifier. The data contains the plaintext passwords for the child's Apple ID. Because the app requires that two-factor authentication is turned off, a malicious actor viewing this data only needs to use the credentials to break into the child's account to access their personal content data.
"Technology has brought with it a world your child might not be ready for," the company tells us in a video. "Begin a free trial today!"
TeenSafe home page (archives and more archives)
(Score: 4, Insightful) by Runaway1956 on Monday May 21 2018, @07:07PM (1 child)
People don't think about carrying their devices to the bathroom, the bedroom, or anywhere else. There are lots of images on those devices that CP lovers will drool over. But, let's just store the passwords in plaintext, 'cause it's easy. What could possibly go wrong?
Idiots, everywhere.
(Score: 0) by Anonymous Coward on Monday May 21 2018, @07:10PM
Somebody think of the children! Oh wait, Pedo Inc. just did...
(Score: 1, Interesting) by Anonymous Coward on Monday May 21 2018, @07:32PM (2 children)
on the one hand, I really want people who claim to be "IT professionals" to go to jail if they really fuck up with computer security.
on the other hand, I don't want the courts to start distinguishing between "computer security for children's data" and "generic computer security".
(Score: 0) by Anonymous Coward on Monday May 21 2018, @07:46PM (1 child)
A professional association like the AMA or the bar associations are the only thing that can help. Striving for this individually, we will always be undercut by somebody else willing to work for less or more adept at playing buzzword bingo.
(Score: 1, Insightful) by Anonymous Coward on Monday May 21 2018, @07:54PM
I disagree. I think failure to secure networks and/or data, general negligence and the like, should result in liability that pierces the corporate shield. When these executives are held personally liable, and they can lose their homes, savings and financial security, things will start changing for the better.
(Score: 5, Insightful) by Sourcery42 on Monday May 21 2018, @07:36PM
It rather sounds like technology has brought with it a world these fuckwits aren't ready for either.
(Score: 0) by Anonymous Coward on Monday May 21 2018, @07:48PM
This is why the app was called TeenSafe and not DataSafe.
(Score: 0) by Anonymous Coward on Monday May 21 2018, @10:24PM (4 children)
Spy app pitched to parents to spy on their kids allows the world to spy on them too. Film at 11.
(Score: 1, Interesting) by Anonymous Coward on Monday May 21 2018, @11:16PM (3 children)
Corollary: Parents, you need to keep track of your own kids, yourself. Outsourcing parenting is generally not a good idea, no matter what marketing spiel you may have heard.
(Score: 1) by tftp on Tuesday May 22 2018, @01:45AM (2 children)
(Score: 0) by Anonymous Coward on Tuesday May 22 2018, @02:39AM
> Many parents work 2 jobs each
Can't speak for others, but this (too busy, no time to be a good parent) was one of several things that went into my decision to not have children. Now that I'm nearing retirement, I'm not regretting that decision yet.
I did pick up a "rent-a-kid" along the way, SO's kid from previous marriage is on disability (age 31, can't work a steady job due to intermittent health issues) and lives with us.
(Score: 2) by Freeman on Tuesday May 22 2018, @03:27PM
The best thing you can do for your kids is to have a stay at home parent. The unfortunate thing is that society / work / economy makes that extremely difficult nowadays.
It seems like almost everything has more or less turned into a Spy app. With Android and Microsoft leading the charge. There aren't really many options. It's also getting much harder to just do without. You don't "have to" file your taxes electronically, pay your bills online, have a cellphone, a credit card, or an e-mail address. Things do get a bit difficult, if you go against the grain at all points, though. The even more unfortunate thing is that wouldn't necessarily protect you from something like the Equifax breach, either.
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 5, Interesting) by Mykl on Monday May 21 2018, @11:22PM (3 children)
I am pretty surprised that this service was able to convince users to hand over the passwords to their kids' iTunes accounts in the first place. Considering how much of a treasure trove of information that is, it seems to be pretty poor security to entrust another organisation with this password under _any_ circumstances.
Then - to store that password in plaintext in an unsecured cloud-based server - words fail me.
If I were Apple, I'd be locking each and every one of these accounts and sending a notification to the parent account to advise that they can't unlock it until the users re-confirm their acceptance of the ToC clause which says that they can't share their password with anyone else. Actually, I'd really like to just cancel each account, including parent accounts, but I know that will never happen.
(Score: 0) by Anonymous Coward on Tuesday May 22 2018, @12:56AM (2 children)
I'm a parent using an app to spy on my kid. Obviously I'm not thinking clearly so why would I question giving away my kid's password?
(Score: 0) by Anonymous Coward on Tuesday May 22 2018, @01:48AM (1 child)
(Score: 0) by Anonymous Coward on Tuesday May 22 2018, @09:15AM
If you're afraid that your child may start using drugs then you need more hands-on parenting. Monitoring their cell phone use is not going to prevent them from trying or using drugs.