Millions of spyware customers exposed in mega data breach

News
By
published

mSpy customer support platform breached and data leaked

Kaspersky Report on Stalkerware
(Image credit: Kaspersky)

Another spyware company has been breached, with sensitive data held on its customers leaked online, researchers have revealed.

This time, it’s the Ukrainian company Brainstack, which builds and maintains mSpy, which currently has around 1.5 million users.

The breach came after unidentified threat actors reportedly broke into the company’s Zendesk platform, used to handle customer support. From there, they stole more than 100 gigabytes of records, which include customer support tickets and accompanying attachments. These attachments often include personal documents, as well. Location data was also found, based on people’s IP addresses. 

Identity data and personal documents

Journalists from TechCrunch sifted through the database and found several senior-ranking US military personnel, a serving US federal appeals court judge, and a watchdog for a US government department, all having used the app at one point. The list also includes an Arkansas county sheriff’s office, asking for a free trial. 

While 100 gigabytes sounds like a lot, the publication says that the data only includes people who reached out to customer support, and that the user base of mSpy is probably a lot bigger. 

HaveIBeenPwned?, an online service where people can check to see if their email address was leaked in a breach, added 2.4 million unique email addresses to its database. This doesn’t necessarily mean that 2.4 million people were affected, since many could have used new, “burner” email addresses just for mSpy. 

Brainstack is currently keeping quiet.

Spyware, as the name suggests, is used for spying. It is also sometimes called stalkerware, or spouseware, both self-explanatory names. Users who buy the license install the app on mobile phones belonging to their spouses, partners, children, or employees, without their knowledge or consent. The app is capable of tracking on-device activity, in real-time, providing the owner of the license with access to calls logs, messages, location data, on-device files, and more.

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

More about security
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.

These fake macOS updates are actually just looking to spread malware
Ransomware

Lee Enterprises blames cyberattack for encrypting critical systems as US newspaper outages drag on
Three iPhones side-by-side with the Google Lens search feature being shown on each.

Google Lens just got an upgrade on your iPhone. Here’s how it works
See more latest