Monday, November 4, 2024
HomeComputer SecurityMobile Spyware Maker mSpy Leaked Millions of Sensitive Data Online in Plain...

Mobile Spyware Maker mSpy Leaked Millions of Sensitive Data Online in Plain Text

Published on

Malware protection

A leading mobile spyware maker mSpy leaked more than a million paying customers including kids and partners high sensitive data online.

mSpy is a brand of mobile and computer parental control monitoring software for iOS,  Android, Windows, and macOS. mSpy monitors and logs user activity on the client device.

Leaked data contains millions of users including passwords, call logs, text messages, contacts, notes, and location data.

- Advertisement - SIEM as a Service

These all the data has been collected secretly from kids, loved one and company employees from the different organization.

An online open mspy database has been discovered by a security researcher Nitish Shah that contains the username, password and private encryption key of each mSpy customer.

In this case, he tried to alert the company of his findings, but the company’s support personnel ignored him.

These sensitive data belongs to each mSpy customer who logged in to the mSpy site or purchased a mSpy license over the past six months.
Accoring to krebs on security, the database included the Apple iCloud username and authentication token of mobile devices running mSpy, and what appear to be references to iCloud backup files.
Anyone who stumbled upon this database also would have been able to browse the Whatsapp and Facebook messages uploaded from mobile devices equipped with mSpy.

Different records uncovered incorporated the exchange points of interest of all mSpy licenses bought in the course of the most recent a half year, including customer name, email address, street number and sum paid. Likewise in the informational collection were mSpy user logs from browser and Internet address data of individuals visiting the mSpy Web website.

Andrew,  mSpy’s chief security officer said“We have been working hard to secure our system from any possible leaks, attacks, and private information disclosure,”

“All our customers’ accounts are securely encrypted and the data is being wiped out once in a short period of time.”

This is a second-time mSpy Failed to protect their customer within 3 years and the 1st breach has been reported on 2015.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Evasive Panda Attacking Cloud Services To Steal Data Using New Toolkit

The Evasive Panda group deployed a new C# framework named CloudScout to target a...

Massive Midnight Blizzard Phishing Attack Using Weaponized RDP Files

Researchers warn of ongoing spear-phishing attacks by Russian threat actor Midnight Blizzard targeting individuals...

Sophisticated Phishing Attack Targeting Ukraine Military Sectors

The Ukrainian Cyber Emergency Response Team discovered a targeted phishing campaign launched by UAC-0215...

Chinese Hackers Attacking Microsoft Customers With Sophisticated Password Spray Attacks

Researchers have identified a network of compromised devices, CovertNetwork-1658, used by Chinese threat actors...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Evasive Panda Attacking Cloud Services To Steal Data Using New Toolkit

The Evasive Panda group deployed a new C# framework named CloudScout to target a...

Grayscale Investments Data Breach Exposes 693K User Records Reportedly Affected

Grayscale Investments, a prominent crypto asset manager, has reportedly suffered a data breach affecting...

Northern Ireland Police to Pay £750,000 Fine Following Data Breach

The Police Service of Northern Ireland (PSNI) has been ordered to pay a £750,000...