Summarize

Simplifying... Inshort

Stalkerware companies, known for their invasive spying apps, are becoming prime targets for hackers due to their lax security measures and unethical practices.
Recent breaches have not only disrupted these companies' operations but also exposed sensitive customer data.
This highlights the dual danger of stalkerware: promoting illegal spying and risking users' private data.

Was a long read? Making it simpler...

Next Article

In 2024 alone, two major stalkerware hacks have transpired, impacting millions of customers

Hacks to data leaks: The hidden dangers of Stalkerware apps

By Mudit Dube

Jul 17, 2024

10:21 am

What's the story

Stalkerware apps, designed to surreptitiously monitor and track individuals, have been repeatedly hacked, leading to massive data breaches. TechCrunch reports that since 2017, no less than 20 stalkerware companies have experienced hacking or significant data exposure. In 2024 alone, two major stalkerware hacks have transpired, impacting millions of customers. The most recent breach involved mSpy, a well-established stalkerware app that exposed millions of customer support tickets and personal user data.

Hacking incidents

Major stalkerware companies fall victim to cyber attacks

Earlier in 2024, an unidentified hacker infiltrated the servers of US-based stalkerware maker pcTattletale, stealing and leaking internal data while also defacing the company's official website. Following this cyber attack, pcTattletale founder Bryan Fleming announced his company's closure. These incidents highlight the vulnerability of stalkerware companies to data breaches, affecting not only their operations but also exposing their customers' sensitive information.

Industry vulnerability

Stalkerware industry: A "soft target" for cyber attacks

Eva Galperin, the director of cybersecurity at the Electronic Frontier Foundation, referred to the stalkerware industry as a "soft target." She emphasized that these companies often lack ethical standards and show little regard for product quality or customer protection. This disregard has led to a trend of stalkerware breaches that began in 2017 with US-based Retina-X and Thailand-based FlexiSpy falling victim to hackers.

Ethical concerns

Hackers target stalkerware companies to expose unethical practices

The hackers who targeted Retina-X and FlexiSpy revealed that these companies had a total of 130,000 customers worldwide. Their motivation was to expose and dismantle an industry they deemed toxic and unethical. Despite being hacked twice in two years, leading to its shutdown, Retina-X's counterpart FlexiSpy remains active today. Other stalkerware companies like Mobistealth, Spy Master Pro, and SpyHuman have also been victims of data breaches.

Data exposure

Stalkerware companies' negligence exposes users' sensitive data

In one instance, SpyFone inadvertently exposed data by leaving an Amazon-hosted S3 storage bucket unprotected online. This lapse allowed anyone to access and download text messages, photos, audio recordings, contacts, location data, scrambled passwords, login information, and Facebook messages. Other stalkerware companies like FamilyOrbit, mSpy, Xnore, and MobiiSpy have also irresponsibly left customer and victims' data online. The use of stalkerware apps not only encourages illegal spying but also puts users' private data at risk.