View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Hackers allegedly exploit leaked data from mSpy and Adult Friend Finder

Data dumps are being sold or abused by criminals, reports claim.


Data from the cyberattack on the snooping tool mSpy appears to be being exploited by hackers after leaking onto the deep web, according to a report from security blogger Brian Krebs.

Criminals frequenting the Hell forum, which can only be reached through the anonymous Tor network, were said to be using the mSpy data to deduce passwords and usernames for Apple’s iTunes service.

Ping, a moderator on the forums, reportedly wrote that users could login to the Apple accounts using Tor and be "perfectly safe", and could also abuse the "Find My iPhone" feature to gain money from account holders.

"Wipe data and set a message that they been hacked and the only way to get their data back is to pay a ransom," Ping suggested.

The report follows attempts from mSpy to play down suggestions it had been compromised, with a spokeswoman telling CBR last Tuesday that the company had received "frequent threats" of such hacking in the past.

"We never have or ever will fall for provocations of third parties and our only response for such ‘ventures’ will be further securitisation of any corporate and customer related data," she said, writing in an email.

However last week the company was forced to admit that it had been hacked and that customer records had been leaked online, prompting an investigation from the Information Commissioner’s Office in the UK.

Content from our partners
Why all businesses must democratise data analytics
How start-ups can take the next step towards scaling up
Unlocking the value of artificial intelligence and machine learning

Similar reports have also been published alleging that a database copied from Adult Friend Finder was being sold for around $17,000 (£11,000) worth of Bitcoins during March.

Writing in a security update last Friday, the dating site said: "As is common with similar cyberattack events, until the investigation is completed, it will be difficult to confirm the full scope of the incident, but we will continue to work vigilantly to address this potential issue and will provide updates on this site as we learn more from our investigation."

It insisted that at the time of writing there was "no evidence" that financial data or passwords had been compromised.

Websites in our network
NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy