Spyware company mSpy—which lets people pay for software to secretly track their loved ones, employees, and really whoever they want—has been hacked, and a huge data dump posted on a Tor-accessible website.
Since mSpy provides a dubiously legal way to trace someone’s online footprint, right down to their location and calls, texts, photos, and browsing history, hacking into mSpy gives would-be thieves a motherlode of personal data.
This means people getting tracked by mSpy software—many of them kids whose parents want to keep a watchful eye—are doubly screwed: Not only is someone they know secretly spying on them, but now their personal information is accessible to anyone who wants it because someone they know was secretly spying on them.
Krebs on Security reports that the hackers responsible say they have access to data from over 400,000 users, including banking information, Apple IDs, emails, text messages, and passwords.
I’ve contacted mSpy to find out more details about the hack, but it has not responded.
Whenever it responds to critics, mSpy characterises that its secret tracking software is a way to protect kids and businesses. But this hack leaves those supposedly “protected” spyware targets more vulnerable than ever.