View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

400,000 people allegedly exposed as spyware data dumped onto Deep Web

mSpy is used to collect tracking, payment and conversation info from relatives.

By Jimmy Nicholls

Payment details, Apple credentials and even private conversations belonging to 400,000 people may have been exposed in a cyberattack on a software service that lets people spy on their families.

Hackers claiming to have gained access to mSpy, which collects data from people’s mobile devices, are thought to have dumped the information onto the Deep Web, which is not indexed by search engines and has to be accessed through anonymous services such as Tor.

Brian Krebs, a security reporter who found the data haul, said that there was "a crazy amount of personal and sensitive data" within the collection, including details of private conversations and corporate email threads.

He noted that the dump consisted of "several hundred gigabytes worth of data" that was allegedly taken from mSpy’s products, including some four million event logs.

Whilst mSpy has been contacted to comment on the veracity of the data and how it plans to respond to the allegations, it has yet to reply.

Documents from Companies House in London show that both of mSpy’s directors Pavel Daletski and Aleksey Fedorchuk are British citizens involved in the software industry, though the company also has sales offices in the US and Germany.

CBR has passed information onto the Information Commissioner’s Office, but the data regulator has yet to comment on the matter.

Content from our partners
A hybrid strategy will help distributors execute a successful customer experience
Amalthea leverages AI and automation to improve yield while minimising waste and costs
How AI is unlocking valuable opportunities in the insurance industry

Trey Ford, global security strategist at Rapid7, said: "I think the most interesting aspect of this breach is that people being spied on were having their information stolen by one party, and it’s now moving rapidly through the underground.

"Not only is the legality of installing this software questionable, but those who have the software on their devices have had their lives laid out in an un-contained information disclosure – it’s highly unlikely the victims of this crime will understand the extent of the damage for a very long time, if ever."

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.