The mobile app, TeenSafe, a Los Angeles - California based company, is a monitoring service provided for parents.
The app works by allowing parents to remotely monitor activity on their child's phone, including text messages, web browsing history and social media use on Facebook or Instagram. It also tells the parents their child's current location and location history of the phone.
TeenSafe claims to have a million parents using the service.
Spying on children has faced criticism for sabotaging the trust between parents and children.
According to a ZDNet exclusive report, the company left its servers, hosted on Amazon's cloud, unprotected and accessible by anyone without a password.
Robert Wiggins, a UK-based security researcher, found two leaky servers, and both of them were pulled down after the ZDNet alert. One of the servers had 10,200 records on a database, containing the primary emails used to sign up to a TeenSafe account, as well as the associated child's Apple ID email address.
"We have taken action to close one of our servers to the public and begun alerting customers that could potentially be impacted," said a TeenSafe spokesperson told ZDNet on Sunday.
TeenSafe reportedly told ZDNet that it is assessing the situation and will provide further details when available.