TeenSafe, a service which promises parents secure monitoring of their children’s smartphone activity, has leaked thousands of Apple IDs and the plain text passwords of accounts, ZDNet reported.
Among the activity TeenSafe allows parents to monitor is text messages, location, calls, web browsing, and app usage.
The leak was discovered by UK security researcher Robert Wiggins who looks for data that has been inadvertently exposed publicly.
Wiggins discovered two servers leaking data on Amazon’s cloud.
After ZDNet informed TeenSafe about the breach, the company took the servers offline.
The database on the servers contained parents’ email addresses, and Apple ID email addresses.
Device names and unique identifiers were also exposed, along with the plaintext passwords of Apple IDs.
The report noted that TeenSafe requires two-factor authentication to be turned off, which means an attacker could use the credentials to break into a child’s account.
TeenSafe told ZDNet it has started alerting customers who could potentially be impacted.