Security News Mobile Spyware Maker mSpy Leaks Millions of Records – Again

upnorth

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,457
It’s one thing to slip spyware onto somebody’s phone so you can surreptitiously intercept text messages, call logs, emails, location tracking, calendar information and record conversations – that kind of privacy-spurning stuff. It’s another thing entirely to be the company that makes and markets the software… and – the coup de GAH! – to suffer a breach that exposes not only the private data of the buggers, but that of the buggees… Twice. In three years.

Yes, we’re talking about mSpy. The “ultimate tracking software” runs on mobile phones and tablets, including iPhones and Androids. The company claims that it helps more than a million paying customers spy on the mobile devices of their kids and partners. (Is it illegal? Well, mumble mumble, totally legal if you tell the target… which of course you’ll do, right… well, anyway, it’s your problem.) The most recent breach, first reported by security journalist Brian Krebs on Tuesday, involves what he says is millions of sensitive records published online, “including passwords, call logs, text messages, contacts, notes and location data secretly collected from phones running the stealthy spyware.” The open database was discovered by security researcher Nitish Shah. It’s since been taken offline, but while it was flapping open, anyone could query what Krebs said were “up-to-the-minute mSpy records for both customer transactions at mSpy’s site and for mobile phone data collected by mSpy’s software,” all accessible without requiring user authentication. That includes usernames, passwords and the private encryption keys of each mSpy customer who logged in to the mSpy site or purchased an mSpy license over the past six months. Shah said that with the private key, anyone could track and view details of a mobile device running the software.
 
Last edited by a moderator:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top