Millions of spyware customers exposed in mega data breach

Kaspersky Report on Stalkerware
(Image credit: Kaspersky)

Another spyware company has been breached, with sensitive data held on its customers leaked online, researchers have revealed.

This time, it’s the Ukrainian company Brainstack, which builds and maintains mSpy, which currently has around 1.5 million users.

The breach came after unidentified threat actors reportedly broke into the company’s Zendesk platform, used to handle customer support. From there, they stole more than 100 gigabytes of records, which include customer support tickets and accompanying attachments. These attachments often include personal documents, as well. Location data was also found, based on people’s IP addresses. 

Identity data and personal documents

Journalists from TechCrunch sifted through the database and found several senior-ranking US military personnel, a serving US federal appeals court judge, and a watchdog for a US government department, all having used the app at one point. The list also includes an Arkansas county sheriff’s office, asking for a free trial. 

While 100 gigabytes sounds like a lot, the publication says that the data only includes people who reached out to customer support, and that the user base of mSpy is probably a lot bigger. 

HaveIBeenPwned?, an online service where people can check to see if their email address was leaked in a breach, added 2.4 million unique email addresses to its database. This doesn’t necessarily mean that 2.4 million people were affected, since many could have used new, “burner” email addresses just for mSpy. 

Brainstack is currently keeping quiet.

Spyware, as the name suggests, is used for spying. It is also sometimes called stalkerware, or spouseware, both self-explanatory names. Users who buy the license install the app on mobile phones belonging to their spouses, partners, children, or employees, without their knowledge or consent. The app is capable of tracking on-device activity, in real-time, providing the owner of the license with access to calls logs, messages, location data, on-device files, and more.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Spyware
Stalkerware data breach potentially hits over 2 million users, including thousands of Apple devices
Stalkerware
New spyware found to be snooping on thousands of Android and iOS users
Kaspersky Report on Stalkerware
Security flaw in popular stalkerware apps is exposing phone data of millions
A graphic showing fleet tracking locations over a city.
Lost & Found tracking site hit by major data breach - over 800,000 could be affected
Spyware
Government-linked Italian spyware maker caught distributing malicious Android apps
Outdoor photograph of a pair of hands holding a smartphone with navigator location points in the background
Millions of phone location records feared leaked as one of the biggest data leaks ever may be a whole lot worse
Latest in Security
IBM office logo
IBM to provide platform for flagship cyber skills programme for girls
Oracle
Oracle denies data breach after hacker claims to hold six million records
Hacker silhouette working on a laptop with North Korean flag on the background
North Korea unveils new military unit targeting AI attacks
An image of network security icons for a network encircling a digital blue earth.
US government warns agencies to make sure their backups are safe from NAKIVO security issue
Laptop computer displaying logo of WordPress, a free and open-source content management system (CMS)
This top WordPress plugin could be hiding a worrying security flaw, so be on your guard
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
Veeam urges users to patch security issues which could allow backup hacks
Latest in News
Tesla Roadster 2
Tesla is still taking deposits on its long overdue Roadster, despite promising it would arrive in 2020
Samsung HW-Q990D soundbar with Halloween theme over the top
Samsung promises to repair soundbars bricked by its disastrous software update for free – but it'll probably involve shipping
Google Gemini AI
Gmail is adding a new Gemini AI tool to help smarten up your work emails
DJI Mavic 3 Pro
More DJI Mavic 4 Pro leaks seemingly reveal launch date, price and key features of the triple camera drone – here's what to expect
Android 16 logo on a phone
Here's how Android 16 will upgrade the screen unlocking process on your Pixel
Man sitting on sofa, drinking coffee, looking at phone in surprise
Thousands of coffee lovers warned to stop using their espresso machines immediately after reports of burns and lacerations