mSpy data leak again: millions of stalkerware users exposed

Another data leak has laid bare the identities of millions of users who thought spying on others was a grand idea.

mSpy is in the spotlight again, and not in a good way. A data leak has once more exposed millions of users who use this handy surveillance app to spy on others. Among these privacy enthusiasts are none other than US military personnel, judges, and sheriffs. Because who wouldn't trust a stalkerware app to keep their secrets safe, right?

mSpy's Grand Data Leak Adventure Continues

The surveillance app mSpy is once again facing a colossal data leak. This time, several hundred gigabytes of sensitive information have been spilled, exposing millions of users from Europe, India, Japan, and the Americas. According to the according TechCrunch report, who took a peek at the stolen data, this includes users who have been sneaking around with mSpy's spyware for the past decade.

In May 2024, some "unknown attackers" helped themselves to millions of mSpy's customer support tickets. These treasure troves included names, support emails, and attachments including personal documents for identification purposes. So, it's now crystal clear who has been itching to spy on others using mSpy.

mSpy logs websites visited, SMS, emails and calendar entries, among other things. Target persons can be located via GPS. The premium version even automatically sounds an alarm if the spied device leaves a certain radius of movement.

Screenshot

mSpy Mystery Solved: The Brainstack Connection

For a longtime, the mastermind behind the mSpy app was shrouded in mystery. But the report has revealed that the operator is none other than the Ukrainian company Brainstack. This company markets mSpy on a German website as "the best mobile phone tracking for parental controls." For a small subscription fee, customers can finally get their "peace of mind" and stop staring at the ceiling all night.

Of course, in reality, these apps are more like stalkerware, because let's be honest, it's mostly jealous partners using them to spy on their significant others without consent.

mSpy has to deal with repeated data leaks

According to TechCrunch, the data leak includes records from the spyware maker's Zendesk-based customer support system that date back to 2014. Some of these emails and messages contained requests from several high-ranking members of the US military, a sitting judge of a US federal appeals court, a regulatory authority of a US department and the sheriff's office of a county in Arkansas. Some of these were requests for a free license to test the app. The total number of mSpy users is likely to be much higher, as not all of them contacted customer service. Potentially affected users can now use the Have I Been Pwned platform to check whether their email address is part of the data breach.

In 2018, there was already a report that millions of confidential data from the surveillance service had been leaked online, including passwords, call logs, text messages, contacts, notes and location data. It is unclear to what extent the new glitch involves more recent information or how much of it is more recent.

about author