mSpy, a company that sells “customized and user-friendly mobile and computer monitoring solutions,” has apparently suffered a data breach.
They still haven’t confirmed it, but according to Brian Krebs, who was notified about the stolen data by an anonymous source and pointed towards the Tor-based Web page hosting it, the trove contains “several hundred gigabytes worth of data taken from mobile devices running mSpy’s products, including some four million events logged by the software.”
“The message left by the unknown hackers who’ve claimed responsibility for this intrusion suggests that the data dump includes information on more than 400,000 users, including Apple IDs and passwords, tracking data, and payment details on some 145,000 successful transactions,” he says.
The mSpy mobile app is able to track a target’s GPS location, web history, images, videos, email, SMS, Skype, WhatsApp, and keystrokes, and its desktop software takes screenshots and logs pressed keys, so you can immagine the amount of extremely sensitive and private data this cache holds.
Despite the proclamation on their website that says their software is intended for legal uses only and that users/owners of the device should be, by law, required to be informed that it is being monitored, it’s unrealistic to expect that all those who opted for using it do so without breaking the law.
“A public relations pitch from mSpy to KrebsOnSecurity in March 2015 stated that approximately 40 percent of the company’s users are parents interested in keeping tabs on their kids,” Krebs pointed out. “Assuming that is a true statement, it’s ironic that so many parents have now unwittingly exposed their kids to predators, bullies and other ne’er-do-wells thanks to this breach.”