Datalek app gave access to plaintext passwords Apple ID children




A data leak from an app to monitor children appeared to store plaintext passwords from parents and children on unsecured servers. The unsecured servers have now been taken offline. It is unknown whether malicious people have taken advantage of the leak.

There were personal data of 10,000 users on the servers, but it is unknown how many duplicates there were, ZDNet reports . The plaintext passwords gave direct access to the Apple ID of the children, because the app requires the disabling of two-stage authentication. This allowed malicious people to log in with the data. The app in question is TeenSafe, which says that it has a million users and that has the intention to give parents insight into what children do with their iPhone.

ZDNet contacted several parents whose data was on the server, who confirmed the accuracy of the data and the passwords. Another server only appeared to contain test data. ZDNet received the tip from a British security researcher.

Saving the passwords in plain text is at odds with the claim of Teensafe on its own site, on which the company states to use encryption to store data. The servers are offline. The company says in a comment to reveal more information when it becomes available.

TeenSafe server with sensitive info


In: A Technology & Gadgets Asked By: [23225 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »