Solo che stavolta tocca a dati di bambini: l’app TeenSafe, utilizzata per monitorare i minori (in maniera anche troppo invasiva, per i miei gusti) ha tenuto i dati dei suoi utenti su server di Amazon non protetti.
The database stores the parent’s email address associated with TeenSafe, as well as their corresponding child’s Apple ID email address. It also includes the child’s device name — which is often just their name — and their device’s unique identifier. The data contains the plaintext passwords for the child’s Apple ID. Because the app requires that two-factor authentication is turned off, a malicious actor viewing this data only needs to use the credentials to break into the child’s account to access their personal content data. [link]