Spy software firm MSpy has just found out what it feels like to have its privacy violated. Creator of various mobile spying software, the firm has been approached with predatory demands by blackmailers over customer information. However, MSpy is claiming that any such allegations that they had been hacked and customer data stolen is on the web is false. Separate desktop monitoring software created by MSpy has not been found to be impacted by this alleged hack.
Word of the hack first came out via noted security expert Brain Krebs. Krebs received word from an anonymous source who notified him of a data dump. Hosted on a Tor Hidden Service site, the data weighed in at over several hundred gigabytes. The information spanned emails, conversations and photos taken from devices purportedly running MSpy’s mobile products as well as customer support emails to MSpy. As the data has now been removed from the Hidden Service, it is hard for anyone to verify the legitimacy of the data to determine if it did indeed come from a breach of MSpy, as it is possible the data could be fake or come from a non-MSpy source.
MSpy markets its spying applications as a way to monitor children or employees activity on mobile devices. It captures movements, messages and calls of any mobile device it is installed onto. Unlike malware, MSpy products do require permission to install and spy. While limiting abuse, it does mean anyone with physical access and the passkey can install, someone like a jealous partner or spouse. While the company has denied itself has been hacked, it is possible the mobile applications themselves contain vulnerabilities that could be exploited to obtain said customer information. Hopefully, researchers will be able to get to the bottom of this to prevent more abuse if it is occurring.
Thank you BBC for providing us with the information.