Hacking, Leaking, Exposure: Do not use stalkerware apps
There is a shady industry for people who want to monitor and spy on their families. Several app makers advertise and promote their software, known as stalkerware, to jealous partners who can use these apps to remotely access victims’ phones.
But despite how sensitive this personal data is, a growing number of these companies are losing it in large quantities.
According to TechCrunch’s tally, which counts the latest data exposure at Catwatchful, there have been at least 26 stalkerware companies since 2017 that are known to have been hacked or to have leaked customer and victim data online. That’s not a typo. At least 26 stalkerware companies have either been hacked or have exposed important data in recent years. Additionally, four stalkerware companies have been hacked multiple times.
Catwatchful is the latest stalkerware provider reported to have been breached this year, with user data dating back to 2018. The breach exposed the private phone data of around 26,000 victims at the time the data was leaked.
The Catwatchful data leak came after the SpyX data breach this year and the data exposures of Cocospy, Spyic and Spy, surveillance operations that left messages, photos, call logs and other personal and sensitive data from millions of victims exposed online, after security researchers found a bug that allowed access to that data.
Before this year, there were at least four major stalkerware hacks in 2024. The last stalkerware breach of 2024 affected Spytech, a little-known spyware maker based in Minnesota, which exposed activity logs from the phones, tablets and computers monitored with its spyware. Before that, there was a breach at mSpy, one of the longest-running stalkerware apps, which exposed millions of customer support tickets that included the personal data of millions of its customers.
Before that, unknown hackers broke into the server of US-based stalkerware maker pcTattletale. The hackers then stole and leaked internal company data. They also defaced pcTattletale’s official website with the goal of embarrassing the company. The hackers referenced a recent TechCrunch article in which we reported that pcTattletale was used to monitor some front desk check-in computers at a US hotel chain.
As a result of this hack, leak and shaming operation, pcTattletale founder Bryan Fleming said he was shutting down his company.
Consumer spyware apps such as Catwatchful, SpyX, Cocospy, mSpy and pcTattletale are commonly referred to as “stalkerware” (or spouseware).
These companies often explicitly market their products as a way to catch cheating partners, encouraging illegal and unethical behavior. Multiple lawsuits, media investigations and domestic abuse shelter investigations show that online stalking and surveillance can lead to real-world cases of harm and violence.
That’s part of why hackers are repeatedly targeting some of these companies.
Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation and a leading researcher and activist who has been researching and fighting stalkerware for many years, said the stalkerware industry is a “soft target.”
“The people who run these companies are probably the most cautious, but not really worried about the quality of their products,” Galperin told TechCrunch.
Given stalkerware’s history of compromises, that might be an understatement. And given the lack of care these companies take to protect their own customers, and as a result the personal data of tens of thousands of unwitting victims, using these apps is doubly irresponsible. Stalkerware customers are breaking the law, abusing their partners by illegally spying on them, and putting everyone’s data at risk.
The history of stalkerware hacks
The flurry of stalkerware breaches began in 2017 when a group of hackers breached US-based Retina-X and Thailand-based Flexispy back to back. These two hacks revealed that the companies had a total of 130,000 customers worldwide.
At the time, the hackers, who proudly claimed responsibility for the compromises, explicitly stated that their motivation was to expose and help destroy an industry they deemed toxic and unethical.
“I burn them on the ground and never leave any of them to hide,” one of the hackers involved told Motherboard.
Referring to Flexispy, the hacker added: “I hope they’ll fall apart and fail as a company and have time to look back on what they’ve done, but I’m worried that they’ll try to give birth to themselves again in a new way.”
Despite the hack and years of negative public attention, Flexispy is still active today. The same cannot be said about Retina-X.
The hackers who broke into Retina-X wiped its server with the goal of disrupting its operations. The company bounced back, and then it was hacked again a year later. A few weeks after the second breach, Retina-X announced it was closing.
A few days after the second Retina-X breach, hackers hit Mobistealth and Spy Master Pro, stealing gigabytes of customer and business records, as well as victims’ intercepted messages and precise GPS locations. Another stalkerware vendor, India-based SpyHuman, met the same fate a few months later, with hackers stealing text messages and call metadata.
A few weeks later, there was the first case of accidental data exposure rather than a hack.
Spyfone left an Amazon-hosted S3 storage bucket unprotected online, which meant anyone could view and download text messages, photos, audio recordings, contacts, location data, scrambled passwords, login information, Facebook messages and more. All of that data was stolen from victims, most of whom did not know they were being spied on, let alone that their most sensitive personal data was on the internet for everyone to see.
Apart from Catwatchful, other stalkerware companies that have irresponsibly left customer and victim data online over the years include: one whose data was protected only by easy-to-find passwords; mSpy, which lost over 2 million customer records in 2018; Xnore, which let customers see the personal data of other customers’ targets, including chat messages, GPS coordinates, emails, photos and more; Mobiispy, which left 25,000 audio recordings and 95,000 images on a server that anyone could access; KidsGuard, which in 2020 had a misconfigured server that leaked victims’ content; pcTattletale, which before it was hacked exposed screenshots of victims’ devices uploaded in real time to a website that anyone could access; Xnspy, whose developers left credentials and private keys in the app’s code, allowing anyone to access victims’ data; and Spy, Cocospy and Spyic, which left victims’ messages, photos, call logs and other personal data, as well as customers’ email addresses, publicly exposed online.
As for other stalkerware companies that have actually been hacked, apart from SpyX earlier this year, there was Copy9, which had hackers steal the data of all of its surveillance targets, including text and WhatsApp messages, call recordings, photos, contacts, browsing history and more; LetMeSpy, which shut down after hackers breached it and wiped its server; Brazil-based WebDetetive, which also had its server wiped and was then hacked again; OwnSpy, which provides much of WebDetetive’s backend software and has also been hacked; Spyhide, which had a vulnerability in its code that allowed hackers to access the backend database and years of stolen data on about 60,000 victims; and Oospy, a rebrand of Spyhide, which shut down again. And the latest mSpy hack is unrelated to the previous leaks.
Finally, there is TheTruthSpy, a network of stalkerware apps that holds the dubious record of having been hacked or having leaked data on at least three separate occasions.
Hacked, but unrepentant
Of these 26 stalkerware companies, eight have shut down, according to TechCrunch’s tally.
In a first and so far unique case, the Federal Trade Commission banned Spyfone and its CEO, Scott Zuckerman, from operating in the surveillance industry following an earlier security lapse that exposed victims’ data. Another stalkerware operation linked to Zuckerman, called Spytrac, then shut down following a TechCrunch investigation.
Mobile phones and Histar, two other companies not known to have been hacked, also shut down after the New York Attorney General accused the companies of explicitly encouraging customers to use the software for illegal surveillance.
But the fact that a company has shut down doesn’t mean it’s gone forever. As with Spyhide and Spyfone, some of the same owners and developers behind a shuttered stalkerware maker have simply rebranded.
“I think these hacks do things. They accomplish things and put a dent in it,” Galperin said. “But if you hack the stalkerware company, they simply swing their fists, curse your name, disappear with a puff of blue smoke and you’re going to never see it again, that’s definitely not.”
“Most of the time, when you can actually kill a stalkerware company, the stalkerware company appears like a mushroom after the rain,” added Galperin.
There is some good news. In a report last year, security company Malwarebytes said that stalkerware usage is declining, according to its own data on customers infected with this type of software. Galperin also reports seeing an increase in negative reviews for these apps, with customers and prospective customers complaining that they don’t work as intended.
However, Galperin said security companies may not be as good at detecting stalkerware as they used to be, or that stalkers may have moved from software-based surveillance to physical surveillance that can be done with AirTags and other Bluetooth-enabled trackers.
“Stalkerware doesn’t exist in a vacuum. Stalkerware is part of a world of tech-responsive abuse,” Galperin said.
Say no to stalkerware
Using spyware to monitor your loved ones is not only unethical, but is also considered illegal surveillance in most jurisdictions.
That is already an important reason not to use stalkerware. Then there is the issue that stalkerware makers have proven time and again that they cannot keep data safe, neither the data belonging to their customers nor that of their victims or targets.
Apart from spying on romantic partners and spouses, some people use stalkerware apps to monitor their children. Although this type of use is legal, at least in the US, that doesn’t mean using stalkerware to snoop on a child’s phone isn’t creepy and unethical.
Even if it is legal, Galperin believes that parents should not spy on their children without telling them and without their consent.
If parents do inform their children and get their agreement, they should stay away from insecure and unreliable stalkerware apps and use the parental tracking tools built into Apple phones and tablets and Android devices, which are safer and operate overtly.
Summary of breaches and leaks
This is the complete list of stalkerware companies that have been hacked or have leaked sensitive data since 2017.
It was first published on July 16, 2024, and has been updated to include Catwatchful as the latest stalkerware app with security issues.
If you or someone you know needs help, the National Domestic Violence Hotline (1-800-799-7233) provides confidential support to victims of domestic abuse and violence 24/7. If you are in an emergency, call 911. The Coalition Against Stalkerware has resources if your phone seems to be compromised by spyware.