According to a new report from ZDNet, a popular app used by parents to monitor their teens has suffered a data breach. The app, TeenSafe, touts that it’s a “secure” monitor app for iOS that allows parents to monitor text messages, location, calling history, web history, and more.
Included in the data breach, the report says, was a list of plaintext Apple ID passwords…
Included in the TeenSafe servers was a list of the parent’s email addresses, as well as their child’s Apple ID email address. Furthermore, it included their device’s unique device identifier, and most importantly, plaintext passwords for the child’s Apple ID.
Making matters even more shocking, TeenSafe requires that the child’s Apple ID account have two-factor authentication turned off. This is so the parent can monitor their child’s activity without having to gain direct consent.
None of the accessible records included location data, photos, or messages. The company claims to have over 1 million parents using the service, though the servers housed “at least 10,200 records from the past three months.”
Questions have been raised about TeenSafe’s legitimacy in the past, primarily due to the sheer amount of data the app collects. Furthermore, teen monitoring apps such as TeenSafe have been labeled as intrusive and an invasion of the child’s privacy.
At this point, TeenSafe hasn’t expanded too much on the breadth of the breach, though says it has started informing affected users.