{"id":24877,"date":"2024-07-12T08:10:11","date_gmt":"2024-07-12T16:10:11","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2024\/07\/12\/news-18607\/"},"modified":"2024-07-12T08:10:11","modified_gmt":"2024-07-12T16:10:11","slug":"news-18607","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2024\/07\/12\/news-18607\/","title":{"rendered":"Dangerous monitoring tool mSpy suffers data breach, exposes customer details"},"content":{"rendered":"\n<p>In a new episode of <a href=\"https:\/\/www.malwarebytes.com\/blog\/podcast\/2023\/07\/spy-vs-spy-exploring-the-letmespy-hack-with-maia-arson-crimew\">Spy vs Spy<\/a>, the mobile monitoring app mSpy has suffered a data breach that exposed information about millions of its customers.<\/p>\n<p>As Malwarebytes Labs has reported before, the types of companies that make mobile applications that enable users to non-consensually spy and monitor on other users are also\u2014unsurprisingly\u2014rather lax when it comes to their own security. This is\u00a0<a href=\"https:\/\/techcrunch.com\/2018\/09\/05\/mobile-spyware-maker-leaks-2-million-records\/\" target=\"_blank\" rel=\"noreferrer noopener sponsored nofollow\">the third known mSpy data breach<\/a>\u00a0since the company began in around 2010.<\/p>\n<p><a href=\"https:\/\/techcrunch.com\/2024\/07\/11\/mspy-spyware-millions-customers-data-breach\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">TechCrunch reports<\/a> that in May 2024, unknown attackers stole millions of customer support tickets, including personal information, emails to support, and attachments, including personal documents.<\/p>\n<p>The stolen support tickets date back to 2014, so that\u2019s a decade&#8217;s worth of support tickets, reportedly millions of individual customer service tickets and their corresponding email addresses, as well as the contents of those emails.<\/p>\n<p>Sold as a parental monitoring tool, mSpy touts itself as:<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201ca hugely powerful phone monitoring app which can report on almost every area of your kid&#8217;s online activities (and one or two of the offline ones, too).\u201d<\/p>\n<\/blockquote>\n<p>Parental monitoring apps present their own complications\u2014<a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2019\/07\/parental-monitoring-apps-how-do-they-differ-from-stalkerware\">particularly when they&#8217;re used non-consensually against children<\/a>\u2014as they can give parents a near-omniscient, unfiltered view into their children\u2019s lives, granting them access to text messages, shared photos, web browsing activity, locations visited, and call logs. Without getting consent from a child, these surveillance capabilities represent serious invasions of privacy.<\/p>\n<p>The same is true when these types of apps are used against adults, and while mSpy may advertise itself now as a tool for parental safety, that wasn&#8217;t the case when it was founded. <\/p>\n<p>In fact, in the early 2010s, mSpy promoted its monitoring capabilities against adults, including both in an office environment and in romantic relationships. Looking back at a <a href=\"https:\/\/web.archive.org\/web\/20140208003055\/http:\/\/www.mspy.com\/features.html\">2014 archive of mSpy&#8217;s website<\/a>, the company claims that, with mSpy, employers can &#8220;make sure your employees\u2019 time is not wasted on writing personal emails.&#8221; In an earlier <a href=\"https:\/\/web.archive.org\/web\/20121001024710\/http:\/\/www.mspy.com\/web\/20121001024710\/http:\/\/www.mspy.com\/uses.html\">archived version of mSpy&#8217;s website from 2012<\/a>, the company touts that its app can help you &#8220;discover if your partner is cheating on you.&#8221; <\/p>\n<p>At Malwarebytes, we prefer to refer to these types of apps as \u201cstalkerware\u201d and as one of the founding members of the <a href=\"https:\/\/stopstalkerware.org\/\">Coalition Against Stalkerware<\/a>, we advise strongly against using these apps.<\/p>\n<p>The Coalition Against Stalkerware defines stalkerware as tools\u2014software programs, apps and devices\u2014that enable someone to secretly spy on another person\u2019s private life via their mobile device. The abuser can remotely monitor the whole device including web searches, geolocation, text messages, photos, voice calls and much more. Such programs are easy to buy and install. They run hidden in the background, without the affected person knowing or giving their consent. Regardless of stalkerware\u2019s availability, the abuser is accountable for using it as a tool and hence for committing this crime.<\/p>\n<p>TechCrunch analyzed where mSpy\u2019s contacting customers were located by extracting all of the location coordinates from the dataset and plotting the data in an offline mapping tool. The results show that mSpy\u2019s customers are located all over the world, with large clusters across Europe, India, Japan, South America, the United Kingdom, and the US.<\/p>\n<p>If you fear your data may have been exposed in this or any other breaches, Malwarebytes has a free tool for you to check how much of your personal data has been exposed online. Submit your email address (it\u2019s best to give the one you most frequently use) to our&nbsp;<a href=\"https:\/\/www.malwarebytes.com\/digital-footprint\">free Digital Footprint scan<\/a>&nbsp;and we\u2019ll give you a report and recommendations.<\/p>\n<div class=\"wp-block-malware-bytes-button mb-button\" id=\"mb-button-7ba16f0b-04e8-4679-9512-2f21a0971dcf\">\n<div class=\"mb-button__row u-justify-content-center\">\n<div class=\"mb-button__item mb-button-item-0\">\n<p class=\"btn-main\"><a href=\"https:\/\/www.malwarebytes.com\/digital-footprint?utm_source=blog&amp;utm_medium=social&amp;utm_campaign=b2c_pro_acq_fy25dfplaunch_171269600960&amp;utm_content=V1\"><\/a><a href=\"https:\/\/www.malwarebytes.com\/digital-footprint\">SCAN NOW<\/a><\/p>\n<\/div>\n<\/div>\n<\/div>\n<p>If you are looking for a way to remove stalkerware from your device, you have come to the right place. You can keep these and other threats off your mobile devices by&nbsp;<a href=\"https:\/\/www.malwarebytes.com\/ios\">downloading Malwarebytes for iOS<\/a>, and&nbsp;<a href=\"https:\/\/www.malwarebytes.com\/android\">Malwarebytes for Android<\/a>&nbsp;today.<\/p>\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-wide\" \/>\n<h2 class=\"wp-block-heading\" id=\"h-summer-mega-sale\">Summer mega sale<\/h2>\n<p>Go into your vacation knowing you&#8217;re much more secure: This summer you can get a huge <a href=\"https:\/\/try.malwarebytes.com\/summer-mega-sale\/blog\"><strong>50%\u00a0off\u00a0a Malwarebytes Standard subscription<\/strong> or <strong>Malwarebytes Identity bundle<\/strong><\/a>. Run, don&#8217;t walk!<\/p>\n<div class=\"wp-block-buttons is-content-justification-center is-layout-flex wp-container-core-buttons-is-layout-1 wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button\"><a class=\"wp-block-button__link has-white-color has-blue-background-color has-text-color has-background has-link-color wp-element-button\" href=\"https:\/\/try.malwarebytes.com\/summer-mega-sale\/blog\/\"><strong>SAVE 5<\/strong>0<strong>% TODAY<\/strong><\/a><\/div>\n<\/p><\/div>\n<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2024\/07\/dangerous-monitoring-tool-mspy-suffers-data-breach-exposes-customer-details\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p> Customers of the stalkerware application mSpy had their customer support details exposed after a data breach <\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[23476,19408,32,22375,5897,19409],"class_list":["post-24877","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-coalition-against-stalkerware","tag-mspy","tag-news","tag-parental-monitoring","tag-privacy","tag-stalkerware"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/24877","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=24877"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/24877\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=24877"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=24877"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=24877"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}