Saturday, May 24, 2025
HomeComputer SecurityMobile Spyware Maker mSpy Leaked Millions of Sensitive Data Online in Plain...

Mobile Spyware Maker mSpy Leaked Millions of Sensitive Data Online in Plain Text

Published on

SIEM as a Service

Follow Us on Google News

A leading mobile spyware maker mSpy leaked more than a million paying customers including kids and partners high sensitive data online.

mSpy is a brand of mobile and computer parental control monitoring software for iOS,  Android, Windows, and macOS. mSpy monitors and logs user activity on the client device.

Leaked data contains millions of users including passwords, call logs, text messages, contacts, notes, and location data.

- Advertisement - Google News

These all the data has been collected secretly from kids, loved one and company employees from the different organization.

An online open mspy database has been discovered by a security researcher Nitish Shah that contains the username, password and private encryption key of each mSpy customer.

In this case, he tried to alert the company of his findings, but the company’s support personnel ignored him.

These sensitive data belongs to each mSpy customer who logged in to the mSpy site or purchased a mSpy license over the past six months.
Accoring to krebs on security, the database included the Apple iCloud username and authentication token of mobile devices running mSpy, and what appear to be references to iCloud backup files.
Anyone who stumbled upon this database also would have been able to browse the Whatsapp and Facebook messages uploaded from mobile devices equipped with mSpy.

Different records uncovered incorporated the exchange points of interest of all mSpy licenses bought in the course of the most recent a half year, including customer name, email address, street number and sum paid. Likewise in the informational collection were mSpy user logs from browser and Internet address data of individuals visiting the mSpy Web website.

Andrew,  mSpy’s chief security officer said“We have been working hard to secure our system from any possible leaks, attacks, and private information disclosure,”

“All our customers’ accounts are securely encrypted and the data is being wiped out once in a short period of time.”

This is a second-time mSpy Failed to protect their customer within 3 years and the 1st breach has been reported on 2015.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Zero-Trust Policy Bypass Enables Exploitation of Vulnerabilities and Manipulation of NHI Secrets

A new project has exposed a critical attack vector that exploits protocol vulnerabilities to...

Threat Actor Sells Burger King Backup System RCE Vulnerability for $4,000

A threat actor known as #LongNight has reportedly put up for sale remote code...

Chinese Nexus Hackers Exploit Ivanti Endpoint Manager Mobile Vulnerability

Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager...

Hackers Target macOS Users with Fake Ledger Apps to Deploy Malware

Hackers are increasingly targeting macOS users with malicious clones of Ledger Live, the popular...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Hackers Expose 184 Million User Passwords via Open Directory

A major cybersecurity incident has come to light after researcher Jeremiah Fowler discovered a...

Inside LockBit: Data Leak Reveals Leading Affiliates and How They Operate

A massive data leak from the LockBit ransomware group, published on its hijacked leak...

ViciousTrap Hackers Breaches 5,500+ Edge Devices from 50+ Brands, Turns Them into Honeypots

A sophisticated cyber threat actor, dubbed ViciousTrap by Sekoia.io's Threat Detection & Research (TDR)...