Teensafe, an app that lets parents keep track of their children's messages, social media and phone location, is found to have leaked data of thousand of users. It has also been revealed that around 10,200 records from the past three months have been put at risk too. UK based security researcher Robert Wiggins reported that two of the servers of the app have exposed the user data. The company took quick action and pulled off the affected servers as soon as they got an alert. It is reported that the vulnerable servers behind the leak were unprotected and accessible without requiring a password.
The app asks users to disable the two factor authentication and thus, the attackers can only get hold of the personal data by using the credentials that surfaced on the servers. Among the data, there were passwords and email addresses of the parents and the children. It was also reported that the leak included error messages associated with failed account action - the error was highlighted in some cases when parents were not able to identify their children's real time location. The company has claimed on their website that the app is secure and uses encryption to protect their user's data.
The leak was verified after reaching out to parents whose email addresses were identified in the leaked data. The servers are no longer live so that attackers can't obtain the data anymore but the owners haven't provided any clarification on how they will protect their servers in future.
By: Neha Maheshwari