In a latest user data breach, a teen tracking app has been found violating user safety by putting at risk account details of its owners, including kids.
According to a report by ZDNet, that was the first to report the breach, a UK-based security researcher Robert Wiggins discovered that a mobile app called TeenSafe, that lets parents track location and text messaging habits of teens, left the data thousands of accounts exposed on two Amazon servers.
It is alleged that TeenSafe app left data of thousands of accounts exposed on two Amazon servers.
TeenSafe
The compromised data included not only the Apple ID email addresses and passwords of the kids but also the email addresses of the parents. The Santa Monica, the California-based company claims to have over a million parents using the service.
The report further suggests that by the architecture of its working, the TeenSafe app is flawed. The app asks users to disable the two-factor authentication, attackers can view personal data only using the credentials that surfaced on the servers. This makes it vulnerable to unauthorized access.
The report also suggests that the server held at least 10,200 records from the past three months containing customer data. Conversely, TeenSafe's website indicates that the company encrypts data so that it wouldn’t be accessible in case of a breach.
However, now going by the company statement to ZDNet on Sunday, the app appears to have shut down the relevant server and started cautioning customers who might be affected. "We have taken action to close one of our servers to the public and begun alerting customers that could potentially be impacted," a TeenSafe spokesperson said.
0 Comments