Security researchers have discovered that a teen monitoring app called TeenSafe has been exposing its users’ Apple ID data, including their passwords in plaintext. A mobile app, TeenSafe allows parents to keep a track of their children’s location and monitor their web browsing and text messaging habits. However, it apparently forgot to secure its own databases leading to the latest data breach.

This controversial monitoring app gives parents access to their children’s text messages – including deleted SMS, iMessages and messages on WhatsApp – call logs, browsing history, device location, and their app download history.

Related More Data Disasters: Another Personality Quiz on Facebook Exposes Data of Millions of Users

Over 10,000 Apple ID accounts may have been affected

ZDNet reports that around 10,200 accounts from the past three months may have been compromised, however, the number includes some duplicates. The exposed data includes kids’ Apple ID email addresses, parents’ email addresses and reportedly kids’ passwords in plaintext. The compromised data did not include photos, messages, or location data.

According to the same report, the app demands its users to turn off two-factor authentication to use it on their iOS device. It apparently also stored child’s Apple ID passwords, device name and the device identifier.

The company has since responded to the reports and has said that it shut down the server and started alerting the customers who might be affected. “We have taken action to close one of our servers to the public and begun alerting customers that could potentially be impacted,” TeenSafe said. It hasn’t clarified why its website suggests that TeenSafe uses encryption when all of the data – including passwords – was discovered to be stored in plaintext.