mSpy, a company which makes spyware used by suspicious parents and partners to spy on iPhone usage, has accidentally exposed millions of private records on the web. Data exposed includes passwords, text messages, contacts, call logs. notes and location data …
The breach was first reported by KrebsonSecurity.
Krebs adds that anyone accessing the data would also be able to browse WhatsApp and Facebook messages.
Before it was taken offline sometime in the past 12 hours, the database contained millions of records, including the username, password and private encryption key of each mSpy customer who logged in to the mSpy site or purchased an mSpy license over the past six months. The private key would allow anyone to track and view details of a mobile device running the software, Shah said.
mSpy was previously hacked, back in 2015, with customer data posted to the dark web. The company goes to some lengths to hide its own activities, including the country in which it is based. In the US, selling spyware is a criminal offence.
The spyware requires iCloud credentials in order to be set up, but no login was required to access the exposed data.