Thousands of Apple ID Passwords Leaked by Teen Phone Monitoring App Server

Discussion in 'MacRumors.com News Discussion' started by MacRumors, May 21, 2018.

  1. MacRumors macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    [​IMG]


    ZDNet reports that a server used by an app for parents to monitor their teenagers' phone activity has leaked tens of thousands of login credentials, including the Apple IDs of children.

    The leaked data belonged to customers of TeenSafe, a "secure" monitoring app for iOS and Android that allows parents to view their child's text messages and location, call history, web browsing history, and installed apps.

    [​IMG]

    The customer database was reportedly stored on two servers hosted by Amazon Web Services, where it remained unprotected and accessible without a password. The discovery was made by a U.K.-based security researcher specializing in public and exposed data, and the servers were only taken offline after ZDNet alerted the California-based company responsible for the TeenSafe app.
    The information in the exposed database included the email addresses of parents who used TeenSafe, the Apple ID email addresses of their children, and children's device name and unique identifier. Plaintext passwords for the children's Apple ID were also among the data set, despite claims on the company's website that it uses encryption to protect customer data.

    [​IMG]

    Compounding the lax security is the app's requirement that two-factor authentication is turned off for the child's Apple account so that parents can monitor the phone without consent. This means a malicious actor could potentially access a child's account using the login credentials that were stored on the exposed server.

    TeenSafe counts over a million parents as customers, although the database was reportedly limited to 10,200 records gleaned from the past three months of customer usage. The company said it would continue to assess the situation and provide additional information to customers as soon as it became available.

    Article Link: Thousands of Apple ID Passwords Leaked by Teen Phone Monitoring App Server
     
  2. iPhysicist macrumors 65816

    iPhysicist

    Joined:
    Nov 9, 2009
    Location:
    Dresden
    #2
    Well, valuable indeed - for the hackers.
     
  3. Relentless Power, May 21, 2018
    Last edited: May 21, 2018

    Relentless Power macrumors Penryn

    Relentless Power

    Joined:
    Jul 12, 2016
    #3
    Its already concerning enough when you have login credentials that have been explicitly exposed, but especially with the sensitivity of when it involves children’s information.
     
  4. Nuvi macrumors 65816

    Joined:
    Feb 7, 2008
    #4
    Interesting, just yesterday Apple requested me to change my Apple ID password. I’m not sure if this due to fact that my young daughter also has Apple ID and this was just precautionary measure or if it’s just routine for Apple to request password change if the password is very old. However, I have never used “Teen Safe” or any similar service. In any case I have had two factor authentication activated since it became available so I’m sure there hasn’t been attempts to access my account.
     
  5. Fiachers macrumors member

    Joined:
    Dec 27, 2016
    #5
    Jesus H, this product is abominable. True helicopter parent dystopian BS. Just let kids be kids!
     
  6. Mike MA macrumors 68000

    Mike MA

    Joined:
    Sep 21, 2012
    #6
    If you’re in need to use such kind of apps to monitor your children you’re in problems anyway.
     
  7. andy89 macrumors 6502

    Joined:
    May 22, 2005
    Location:
    Folkestone, England
    #7
    Not quite sure why you'd use something like that to spy on your teen.
     
  8. Mac Fly (film) macrumors 65816

    Mac Fly (film)

    Joined:
    Feb 12, 2006
    Location:
    Ireland
    #8
    I didn’t know Tarantino had an acccount here.
     
  9. jsmith189 macrumors 65816

    jsmith189

    Joined:
    Jan 12, 2014
    #9
    [​IMG]

    Just saying.
     
  10. Kirb112 macrumors member

    Joined:
    Jan 16, 2013
    #10
    Because of thir limited life experiences, kids will do stupid things. Monitoring apps have place, but they are certainly no substitution for the large investment of parental time it takes to mold a child into an adult.
     
  11. JSt83 macrumors member

    JSt83

    Joined:
    Jan 6, 2014
    #11
    Molding a child into an adult, now that sounds fun!
     
  12. andy89 macrumors 6502

    Joined:
    May 22, 2005
    Location:
    Folkestone, England
    #12
    I guess there's nothing like having your privacy violated to prepare you for adulthood.
     
  13. omihek macrumors 6502

    omihek

    Joined:
    May 3, 2014
    Location:
    Salt Lake City, UT
    #13
    If you need to monitor every detail of your teens life, then you already screwed up when they were just a toddler.

    And are you kidding me with the plaintext passwords? Who wrote this app? Some teenager?
     
  14. djcerla macrumors 68000

    djcerla

    Joined:
    Apr 23, 2015
    Location:
    Italy
    #14
    Having the app installed, with the kid agreeing with it, does not necessarily mean using it.

    In Italy we have average speed control on sections of motorways; it’s not clear when they’re active or not, and most of the times they’re not. But the mere presence of the portals managed to dramatically reduce speeding and the number of casualties (as much as 70%).
     
  15. elvisimprsntr, May 21, 2018
    Last edited: May 21, 2018

    elvisimprsntr macrumors 6502

    Joined:
    Jul 17, 2013
    Location:
    Florida
    #15
    Incompetence and negligence.

    Good luck getting any form of compensation or refund.

    https://www.teensafe.com/helps/terms/

     
  16. itsmilo macrumors 68020

    itsmilo

    Joined:
    Sep 15, 2016
    Location:
    Europe
    #16
    What kind of parents spies on their children text messages? That’s just wrong on so many levels ... boundaries people. if you don’t trust them enough to use their own phone privately. Maybe look yourself in the mirror and question what you did wrong rasing them.
     
  17. SoundJudgment macrumors regular

    SoundJudgment

    Joined:
    Jul 3, 2017
    #17
    Yet, somehow everyone will twist this all around and claim it was 'Apple's fault.'
    Who wants to go first??
     
  18. one more, May 21, 2018
    Last edited: May 21, 2018

    one more macrumors 6502a

    one more

    Joined:
    Aug 6, 2015
    Location:
    Earth
    #18
    Spot on. For those of you who do not know what this is about, it is a special device to monitor a child’s activity and whereabouts, as depicted in Arkangel episode of the Black Mirror series. The device works flawlessly, yet the ending is very far from happy.
     
  19. Nuvi macrumors 65816

    Joined:
    Feb 7, 2008
    #19
    For better or worse, that’s what the parents are always doing. Doesn’t matter if they do it knowingly or not, it’s the job the parents singed for when they decided to create life.

    Regarding “parenting apps”, they have their place in modern society. However, they can be used to extend the trust or ruin it completely.
     
  20. CoelhoJSJD, May 21, 2018
    Last edited: May 21, 2018

    CoelhoJSJD macrumors newbie

    Joined:
    May 21, 2018
    #20
    Wrong. You need pay close attention to how this is worded. Please note, almost all indemnification clauses which are vague and unilateral; such as this one, will never hold in court.

    Following the quote from the website:

    Indemnification. You agree to indemnify, defend and hold TeenSafe and the Related Parties harmless from any and all claims, demands, damages or other losses, including reasonable attorneys’ fees, resulting from or arising out of your use of the Site, the Software and/or the Service or any breach by you of this ToU or any other policies that TeenSafe may issue for the Site, the Software and/or Service from time to time.

    What has ensued was a breach of trust by the provider and had nothing to do with the user base.

    P.S. This application is heinous.
     
  21. nwcs macrumors 68000

    nwcs

    Joined:
    Sep 21, 2009
    Location:
    Tennessee
    #21
    It’s not always that simple. I was just on a jury panel a couple of weeks ago of a murdered 16 year old. If her parents had access to the info that was exchanged between their daughter and her boyfriend/murderer then perhaps she would be alive. She showed various messages and things to her friends but when asked why the friends didn’t do anything they basically said they hadn’t gotten around to it. As one of them said, “I guess hindsight is 20/20.”

    Yes, sometimes it is bad parenting but it’s too easy to just blame the parents — a well that never seems to run dry these days. Just consider that sometimes it is the kids — even with the parents’ best efforts.
     
  22. iapplelove macrumors 601

    iapplelove

    Joined:
    Nov 22, 2011
    Location:
    East Coast USA
    #22
    I was thinking the same. Kids, welcome to the modern era of the internet. Where nothing is secure and privacy is a thing of the past.

    Enjoy.
     
  23. Piggie macrumors G3

    Piggie

    Joined:
    Feb 23, 2010
    #23
    What you mean take their phones away totally and let them grow up, as children have done for the past couple of million years as well rounded, normal human beings, without worrying, and staying up and night due to what someone may say about them, or needing to broadcast their every action to social media for their friends to see?

    Yes. Let's take the dam phones away and let them grow up as well adjusted people before the curse of the mobile phone it thrust into their lives.
     
  24. DakotaGuy macrumors 68040

    DakotaGuy

    Joined:
    Jan 14, 2002
    Location:
    South Dakota, USA
    #24
    This is a good example of why you should never believe you have “total” security or privacy on any operating system or platform.
     
  25. Fender2112 macrumors 65816

    Fender2112

    Joined:
    Aug 11, 2002
    Location:
    Charlotte, NC
    #25
    As I read these comments, it's easy to tell who are parent's and who are not.

    To those who are not, you really have no basis to be criticizing a parent for monitoring their child's activities. As long as I am responsible for my children, I will do what I can to monitor and protect them even if that means they give up a little privacy.
     

Share This Page