Whenever I warn you about hidden spy apps on your smartphone or tablet, one of the first apps I mention is mSpy. It's one of the most popular around thanks to its easy installation, the wide range of things it monitors and it's slick Web-based interface for seeing the information of the person you're spying on.
Unfortunately, there are two things no one seems to have considered. The first is that mSpy stores the information its steals from people's phones and tablets. That includes passwords, browsing history, location, texts, photos, call logs and everything else you can think of.
That's scary enough. However, the second thing no one considered is what happens if mSpy has a data breach. Hackers won't just get the information of people who bought mSpy, they could learn everything about the people being spied on as well.
Now that seems to have happened. KrebsOnSecurity got a tip that a ton of data from mSpy is now available on the Deep Web. Click here if you don't know what the Deep Web is.
Krebs checked out the site and here's what it found:
The Tor-based site hosts several hundred gigabytes worth of data taken from mobile devices running mSpy’s products, including some four million events logged by the software. The message left by the unknown hackers who’ve claimed responsibility for this intrusion suggests that the data dump includes information on more than 400,000 users, including Apple IDs and passwords, tracking data, and payment details on some 145,000 successful transactions.
Krebs goes on to say,
The exact number of mSpy users compromised could not be confirmed, but one thing is clear: There is a crazy amount of personal and sensitive data in this cache, including photos, calendar data, corporate email threads, and very private conversations. Also included in the data dump are thousands of support request emails from people around the world who paid between $8.33 to as much as $799 for a variety of subscriptions to mSpy’s surveillance software.
Krebs reached out to mSpy and hasn't heard anything back yet, but it seems fairly clear that this is a major problem. As Krebs notes, in many cases the people doing the spying are parents keeping tabs on their kids. They've now exposed tons of information about their kids, including photos and frequently visited locations, to hackers.
The other problem is that many of the people whose information is exposed probably don't even realize it. And unlike up-and-up companies, don't expect mSpy to notify customers, offer free credit monitoring or any other compensation.