Thousands of Apple ID Passwords Leaked by Teen Phone Monitoring App Server
A security researcher has discovered that a server used by an app for parents to monitor their teenagers' phone activity has leaked tens of thousands of login credentials, including the Apple IDs of children.
The app, called TeenSafe, allows parents to view their children's text messages, call logs, browsing history, location, and third-party app installations. To work, the app requires that two-factor authentication is turned off for the child's Apple ID.
According to ZDNet, the researcher found two servers hosted on Amazon's cloud service that were left unprotected without a password. One of the servers contained over 10,000 records, some of which were duplicates. Each record contained the parent's email address, the child's Apple ID email address, the device name, the device's unique identifier, and the plaintext passwords for the child's Apple ID.
This means that anyone who accessed the server could potentially break into the accounts of thousands of children and access their personal data. The server also contained the user's device type and its subscription status.
The researcher contacted ZDNet after finding the server and provided a sample of the data. ZDNet verified the authenticity of the data by contacting some of the parents whose email addresses were in the sample. The parents confirmed that they had used TeenSafe to monitor their children's phones.
ZDNet also contacted TeenSafe and informed them of the security breach. The company said that it had begun alerting customers who may have been affected and that it had closed one of the servers to the public. It is unclear if there are other unprotected servers that contain more user data.
TeenSafe claims to have over one million users in the US. The company's website states that it uses encryption to protect user data and that it does not store any content such as photos or messages on its servers. However, it appears that these claims are not true, as the passwords were stored in plaintext and the server was not encrypted.
TeenSafe has not yet issued a public statement about the incident or provided any details on how many users were affected and what steps it is taking to prevent such leaks in the future.How to protect your Apple ID from being leaked
Your Apple ID is the account that you use to sign in to various Apple services, such as iCloud, App Store, Apple Music, iMessage, FaceTime, and more. It also contains your personal and payment information, as well as your iCloud data. Therefore, it is important to protect your Apple ID from being leaked or hacked by unauthorized people.
Here are some tips on how to secure your Apple ID and prevent it from being compromised.
Use a strong and unique password for your Apple ID. Apple requires that you use a password that has at least eight characters, including upper and lowercase letters and at least one number. You should also avoid using common words, phrases, or patterns that can be easily guessed or cracked by hackers. Don't use your Apple ID password with other online accounts or share it with anyone else.
Enable two-factor authentication for your Apple ID. This is a security feature that adds an extra layer of protection to your account. It requires you to enter a verification code that is sent to your trusted devices or phone number whenever you sign in to a new device or change your account settings. This way, even if someone knows your password, they won't be able to access your account without the code.
Keep your account information up to date. You should always update your email address, phone number, security questions, and recovery key if you have one. These are the ways that Apple can contact you or verify your identity if you need to reset your password or recover your account. You should also review the devices and apps that are signed in with your Apple ID and remove any that you don't recognize or use anymore.
Be aware of phishing scams and fake emails. Hackers may try to trick you into giving them your Apple ID credentials or personal information by sending you emails or messages that look like they are from Apple or other legitimate sources. They may ask you to click on a link, open an attachment, or enter your details on a fake website. Don't fall for these scams and always check the sender's address, the URL of the website, and the spelling and grammar of the message. If you are not sure if an email or message is genuine, contact Apple directly or visit their official website.
By following these tips, you can help protect your Apple ID from being leaked and keep your data safe and secure. aa16f39245