There are no good times for all those who try to keep our data safe on the Net. If a few days ago we saw how our Twitter passwords had been compromised , now it is the turn of thousands of private damages of the users, which have been exposed because of TeenSafe , a iPhone app that allows parents to track their children’s activity.
If you do not know this iPhone application it means that you have not installed it and you are safe from this serious problem. TeenSafe Allows users to safely monitor everything their children do with their smartphone. The application is available for both iOS as for Android to control the SMS, the location, the calls or the web browsing history of the smallest of the house. However, it is the users of the iPhone app who have seen how their private data is exposed.
ZDNet reports that the application’s servers, housed in the platform in the cloud of Amazon web services, were left unprotected without the company’s realizing it, which has allowed anyone with the necessary knowledge to access the database of the users of TeenSafe without the need for a password. In view of this problem, the company has already canceled the access claiming that “We have taken steps to close one of our servers to the public and have begun to alert customers who might have been potentially affected.”
According to the information provided by the researchers who discovered the failure of this iPhone app , The data breach includes email addresses of users with TeenSafe accounts, along with other children’s Apple credentials and passwords, stored as plain text but accessible to anyone who accesses them. servers of the company. Other data that were also found to be freely accessible are the IMEI of the devices registered in the application
The most curious thing is that TeenSafe It requires users to have two-factor authentication to be deactivated, which means that anyone has been able to access those accounts. Manzana with only the login credentials available from the affected servers.
Fortunately, despite the seriousness of the matter, none of the records contained content such as photos, messages or locations of the victims. At the time of writing these lines all affected servers have been deactivated immediately.