Teen device monitoring app TeenSafe had thousands of usernames and passwords leaked from one of its servers recently. The information compromised of user ids, passwords and Apple ID information. The developers of the app had claimed that the information on TeenSafe servers is encrypted, but the data somehow managed to be stolen in plaintext format which puts the credibility of the app into question. The data was stolen from one of Amazon’s cloud-based servers for TeenSafe meant for storing user data.
TeenSafe was launched as a parental control app that let parents have access to their children’s web browser, history, social messaging logs and text messaging logs. All of this information is now in the hands of the people behind the hack which may contain highly sensitive information.  UK based security researcher Robert Wiggins found two TeenSafe servers that were hacked. However, only one of the servers seems to have contained sensitive user information.
A TeenSafe spokesperson released a statement following the incident. He claimed that one of the impacted servers was shut down and all users who have been affected by the incident were notified. Over 10,000 accounts have been affected over the past three months. The developers have assured that photos, messages and location data have not been compromised. However, email addresses of both parents and children have been leaked which could allow hackers to identify the users. The app is available on both iOS and Android and does not require a child’s consent to be used, and users of both platforms have been affected by it.
The app does not work if two-factor authentication is turned on, which makes the app quite vulnerable. Anyone with access to a password to the email accounts can log in to the respective email accounts and get access to private information.