Parents use TeenSafe to monitor their children's device browser history, text messages, geo-locations, etc. While the name now seems like a misnomer, the company's intent was to help parents keep their kids safe and secure.
TeenSafe implemented security tools which oddly contradicted best security practices. They didn't know to how to properly configure their AWS, leaving it wide open and unprotected. Now, they have jeopardized the very people they sought out to protect and have tarnished their reputation.
In our latest report, we found that there is a 182% increase in identity records being exposed on the deep and dark web, with Kids’ personal information being among the data exploited. As more and more children fall victim to identity theft, it is crucial that parents be aware of the information that could be exposed.
“It is absolutely shocking that a company that promotes security and protecting your most valuable assets, your children, have completely left sensitive data unsecured available to cybercriminals who will abuse it,” said Joseph Carson, chief security scientist at Thycotic. “It might be time for TeenSafe to change their tagline to ‘TeenSafe, built by parents who have no idea about security and for parents who don't care about security.'” Parents use the app to monitor their children's web browser history, location data, third-party apps, text messages and the like. The app touts its security measures, including encryption, but requires that parents turn off two-factor authentication to use it, leaving sensitive information vulnerable to an attacker. “The ironic thing is that they require two-factor authentication to be turned off (yes turned OFF) and that they store passwords in clear text,” said Carson.