Teen phone monitoring app, TeenSafe leaked thousands of user passwords.
The server stored teenagers' Apple ID email addresses and plaintext passwords.
The app was for parents to monitor their teenagers' phone activity.
It has leaked tens of thousands of accounts of both parents and children.
Robert Wiggins, a UK-based security researcher for public and exposed data, found two leaky servers.
Both of the servers were pulled offline after ZDNet alerted the company, including another that contains what appears to be only test data.
They have taken action to close one of their servers to the public and begun alerting customers that could potentially be impacted.
The database stored the parent's email addresses associated with TeenSafe and their corresponding child's Apple ID email address.
It also included the child's device name and the plaintext passwords for the child's Apple ID.
Shortly before the server went offline, there were at least 10,200 records from the past three months containing customer data, but some were duplicates.
"id": "TEE1968722",
"linkid": "teensafe",
"type": "Data Leak",
"date": "05/2018",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"