View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

400,000 people allegedly exposed as spyware data dumped onto Deep Web

mSpy is used to collect tracking, payment and conversation info from relatives.


Payment details, Apple credentials and even private conversations belonging to 400,000 people may have been exposed in a cyberattack on a software service that lets people spy on their families.

Hackers claiming to have gained access to mSpy, which collects data from people’s mobile devices, are thought to have dumped the information onto the Deep Web, which is not indexed by search engines and has to be accessed through anonymous services such as Tor.

Brian Krebs, a security reporter who found the data haul, said that there was "a crazy amount of personal and sensitive data" within the collection, including details of private conversations and corporate email threads.

He noted that the dump consisted of "several hundred gigabytes worth of data" that was allegedly taken from mSpy’s products, including some four million event logs.

Whilst mSpy has been contacted to comment on the veracity of the data and how it plans to respond to the allegations, it has yet to reply.

Documents from Companies House in London show that both of mSpy’s directors Pavel Daletski and Aleksey Fedorchuk are British citizens involved in the software industry, though the company also has sales offices in the US and Germany.

CBR has passed information onto the Information Commissioner’s Office, but the data regulator has yet to comment on the matter.

Content from our partners
The growing cybersecurity threats facing retailers
Cloud-based solutions will be key to rebuilding supply chains after global stress and disruption
How to integrate security into IT operations

Trey Ford, global security strategist at Rapid7, said: "I think the most interesting aspect of this breach is that people being spied on were having their information stolen by one party, and it’s now moving rapidly through the underground.

"Not only is the legality of installing this software questionable, but those who have the software on their devices have had their lives laid out in an un-contained information disclosure – it’s highly unlikely the victims of this crime will understand the extent of the damage for a very long time, if ever."

Websites in our network
NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy