Whenever you search for the spying apps, you would always find one name mentioned in most reviews – mSpy. However discoveries recently highlight that mSpy leaked data of both the targets as well as customers online.
mSpy Leaked Data Of Customers And Targets
Security researcher Nitish Shah approached them recently, directing them towards an open database supposedly belonging to mSpy. He noticed it had leaked data that included millions of sensitive records of mSpy users as well as data from targeted devices. The records could be accessed without the need for any authentication.
According to Shah, the exposed data included usernames and passwords of app customers along with their private encryption keys that could further help to access the data of the targeted devices. It also included the last six months records of mSpy license purchases as well as mSpy user logs. Moreover, it included the Apple iCloud data of devices with the spyware installed on them.
Leaked Data ‘Taken Offline’ After Some Time
After discovering the data, Nitish Shah reached out to mSpy support officials to inform them of the matter. However, to his dismay, he did not receive any encouraging response. He commented,
“I was chatting with their live support, until they blocked me when I asked them to put me in contact with their CTO or head of security.”
Later on, he shared the matter with KrebsOnSecurity who also contacted the firm. This time, they responded to the incident in an email that stated,
“We have been working hard to secure our system from any possible leaks, attacks, and private information disclosure. All our customers’ accounts are securely encrypted and the data is being wiped out once in a short period of time. Thanks to you we have prevented this possible breach. From what we could discover the data you are talking about could be some amount of customers’ emails and possibly some other data.”
For now, they have stopped the data leakage. Yet, with this incident, mSpy joins the ongoing trail of data exposures by spyware firms. Not much time has passed since we heard of similar incidents such as SpyFone and Family Orbit leaking records.