Mobile Monitoring Spyware App Leaks Data of Millions of its Own Customers


Mobile monitoring software mSpy, a tracking app that parents use to keep track of their children’s mobile activity, has suffered a data breach leading to the loss of data of over a million paying customers using the software.

Controversial for the ethical involved in the fundamental idea of the app, mySpy has already suffered a data breach in 2015, leading to customer data being spilled on the dark web. Now, cybersecurity journalist Brian Krebs has revealed that mSpy has leaked the sensitive details of over a million paying customers.

Leaked information of millions of customers includes passwords, text messages, notes, contacts and location data that has been stealthily accumulated by the spyware, ironically.

The database containing the private information was made available on the open web, available for anyone to access. Notably, the records exposed weren’t just limited to user data related to mSpy. The database also includes Apple iCloud usernames and authentication tokens, WhatsApp and Facebook messages as well as browser information of users who merely had the mobile app installed.

The incident was first discovered by security researcher Nitish Shah, who claims the spyware developer was unhelpful when he disclosed the findings, blocking his demand to contact the CTO or security chief.

Brian Krebs got father when he tried and the company’s chief security officer (CSO) responded by stating:

“All our customers’ accounts are securely encrypted and the data is being wiped out once in a short period of time. Thanks to you we have prevented this possible breach and from what we could discover the data you are talking about could be some amount of customers’ emails and possibly some other data. However, we could only find that there were only a few points of access and activity with the data.”

mSpy had previously pledged to concentrate on its cybersecurity following the 2015 breach. However, mySpy had sill not disabled links to endless screenshots on its servers taken from mobile devices running the spyware, weeks after news of the breach came to light.

Image credit: Pexels.