The Apple and the Android Id to more than 10,000 children have been left unprotected on the Amazon cloud server for months, reports ZDNet.
The data have been found on a server maintained by Teensafe, which makes an app that parents can use to monitor and control their child’s use of the phone.
Also exposed were the password in the clear, the parents e-mail addresses, as well as the names of the devices and unique identifiers.
The company shut the server down when it was said of the data exposed.
“We have taken action to close one of our servers to the public and has started to warn customers who may be interested in,” Teensafe said ZDNnet.
The app maker has not yet responded to a request for a statement from the BBC.
The data expose the server was discovered by security researcher Robbie Wiggins, who has already found thousands of similarly-configured machines on Amazon Web Services.
In this case, has also found another poorly protected Teensafe server that does not contain important data.
ZDNet has said that the server is left “unprotected and accessible by anyone without a password”. Data from more than 10,000 accounts were exposed on them.
Mr. Wiggins said to the BBC that the data was visible, as Teensafe had not put in place the minimum measures of security, such as a firewall to protect the data.
Scan through AWS, which has transformed the Teensafe server found, also the machines are operated by other companies that had made the same mistakes, he said.
Teensafe describes its app, which is available for both iOS and Android, as a way to “secure” the monitor of the smartphone. Once installed, the app allows parents to see the text messages, numbers called, websites visited and which applications are installed.
The company boasts more than a million parents are using its service.