At least one server used by an app that helps parents monitor their kids' phone activity has exposed the account information for thousands of accounts, CNET sister site ZDNet reported Sunday.
The app, TeenSafe, bills itself as a "secure" way for parents to view their child's text message, location and who they're calling. It also lets them access the device's web browsing history and review the apps that have been installed.
But the Los Angeles-based company left its servers, hosted on Amazon's cloud, unprotected and accessible by anyone without a password, ZDNet reports. The data on the server contained the parent's email address associated with the child's Apple iCloud email address and their hashed password. It also includes the child's device name -- which is often just their name -- and their device's unique identifier.
The company pulled its servers offline after being alerted to the leak by ZDNet.
"We have taken action to close one of our servers to the public and begun alerting customers that could potentially be impacted," a TeenSafe spokesperson told ZDNet on Sunday.
Security: Stay up-to-date on the latest in breaches, hacks, fixes and all those cybersecurity issues that keep you up at night.
Blockchain Decoded: CNET looks at the tech powering bitcoin -- and soon, too, a myriad services that will change your life.