SecureTeen, a popular parental app with millions of downloads on the Google Play Store, has been compromised by hackers, who claim to have stolen over a million sensitive records.
The attackers announced the alleged leak on a popular data leak forum, claiming they have over 1.4 million stolen records in their hands. The target: SecureTeen, a popular parental control app available for Android, iOS, and Windows users.
The app is designed to be used on teenagers’ smart devices for filtering out unwanted content, reading device users’ text messages, tracking their location data, and supervising the device user in general.
We have reached out to Infoweise, company behind SecureTeen, for comment and will update the article once we receive a reply.
What data did the alleged SecureTeen breach expose?
Meanwhile, the Cybernews research team has investigated the data sample attackers attached to the post. According to our team, it's impossible to verify if cybercrooks indeed siphoned 1.4 million records, as they shared a sample of only 18,000 records on their Telegram channel.
“Contrary to what threat actors said in the post, some of the records are duplicates. For example, we found several lines of identical emails that look like they were created for testing purposes, as well as several duplicate password hashes in a row,” our researchers said.
However, the team added that despite the duplicates, the data appears to include legitimate information, likely from real users. The sample included a wide range of personal information, such as:
- Login credentials
- Email addresses
- Full names
- Licence keys
“Contrary to what threat actors said in the post, some of the records are duplicates. For example, we found several lines of identical emails that look like they were created for testing purposes, as well as several duplicate password hashes in a row.”
The leaked details raise serious security concerns for individuals whose data may have been exposed. For one, the leaked data suggests that information was stolen from the app's handlers. Which means that, at least in theory, attackers could use the information to access devices that were meant to be monitored.
If confirmed, that would mean that parents inadvertently provided attackers with access to their teenagers' devices. It’s difficult to understate the myriad of privacy and security issues data breach like this would create.
Moreover, attackers could utilize the same details for credential stuffing attacks. As users often reuse passwords, cybercrooks could target parents themselves by attempting to hack their personal accounts.
Spying is a double-edged sword
Parental control apps leaking sensitive user details is hardly a novelty. Cybernews has reported on issues plaguing apps designed to invade users’ privacy numerous times.
For example, our research team uncovered that four in ten popular apps contained links deemed malicious by some security vendors.
The conversation on this topic is live. Join in the discussion.
In 2023, our researchers uncovered a popular parental tracking app that outright leaked 300 million user records, including payment card details, email addresses, and phone numbers.
And last year, the team discovered that the same app, KidSecurity, was leaking GPS locations and private user messages.
Your email address will not be published. Required fields are markedmarked