Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
There is a completely shadowy industry for people who want to observe and spy in their families. Multiple applicants market their software – sometimes referred to as Stackerware – JE for those who are in the west partners who can use these applications to access the phones of the victims from far away.
Nevertheless, despite how sensitive this data is, a growing number of these companies is losing it in large quantities.
According to TechCrunch Tally, calculated The latest data violation of the spioxThere have been at least 25 stallerware companies that have been hacked since 2017, or data for customers and victims have been leaked online. This is not a type either: at least 25 Stalkerware companies have been hacked or have a significant data exposure in recent years. And the four Stalkerware companies were hacked multiple times.
SpyX is the latest stallerware supplier this year reports for violation, although the breach itself starts from mid -2024. The violation reveals that the Spiex family of applications compromised on the personal phone data of about two million victims during the violation of the family.
Spyx Violation comes after the exposure of the data Spy, Cocrospi, and Spike Surveillance operations that opened up messages, photos, call logs and other personal and sensitive data online, according to a security researcher who got a bug that allows them to access the data.
Before this year, at least four huge stalkerware hacks in 2024 were hack Spiec, a little known spyware manufacturer located in MinnesotaWhich opens up the activities logs from observing phones, tablets and computers with spyware. Before that, there was a violation in MSPY, one of the longest running Stachwareware applications, which was exposed Tickets for several million customer supportIt includes personal data for several million customers.
Previously, an unknown hacker The US-based stallerware manufacturer entered on PacTotlatele’s serversThe The hacker then stole the company’s internal data and leaked it. They also distorted the official website of Pactlette’s with the goal of embarrassing the company. Hacker mentions the recent TechCrunch article where we have reported Several front desk-in computers were used to monitor computers In a US hotel chain.
As a result of this hack, leaked and shame operation, Pistatletlet founder Brian Fleming Said he was going off His company.
Customer spyware applications such as Spiox, Cocrospi, MSPY and Pactletle are commonly referred to as “stalkerware” (or wife / wife) because violent wives and partners use them to monitor and monitor their loved ones.
These companies often market their products as a solution to catch fraud partners by encouraging illegal and immoral behavior. And There have been multiple court cases, Investigating journalism And Shelter It shows that online stems and observations can occur in the case of real-world damage and violence.
And that’s why hackers have repeatedly targeted some of these companies.
Eva Galperin, a leading researcher and activist who has investigated and fought for the Stacckerwaire for years, says the stalkerware industry is a “soft target”.
“Those who operate these companies are probably not the most worrying or really concerned about the quality of their products,” Galperin told TechCrunch.
Given the history of compromise on stalkerware, it could be a brief description. And due to lack of care to protect their own customers – and as a result the personal data of thousands of unknown damage – these applications are twice irresponsible to use. Stackerware customers can break the law, by illegally spying on their partners by abusing them and above all, everyone’s data is in danger.
A history of stalkerware hack
Stackerware violations started in 2017 when a group of hackers started in 2017 US-based retina-X violating And Thailand-based FlexCP Behind the back. These two hacks have revealed that the companies had a total of 5 customers around the world.
At that time, the hackers who – proudly – claimed for the compromise clearly stated that their inspirations were to destroy an industry that considered poisonous and immoral.
“I will burn them on the ground, and don’t go anywhere to hide any of them,” tells one of the hackers involved in the motherboard.
Referring to Flexispie, the hacker added: “I hope they will be separated as an agency and fail, and have some time to reflect what they have done. But I fear they may try and give birth to themselves in new size again. But if they do it, I will be there.”
Hack, and despite the negative public attention year after year, the FlexCP is still active today. Can’t say the same about Retina-X.
The hacker who broke up in Retina-X deleted the goal of disrupting his servers. The company returned – And then it was hacked again a year laterThe After a few weeks of second violation, Retina-X has announced that it is going offThe
Just a few days after the second retina-X violation, Hackers hit the Mobstelth and Spy Master ProGigabytes of customer and business records, as well as steal the damage barrier messages and specific GPS positions. Another stackerware seller, India -based spayhmanA few months later, the same consequences faced the same consequences, the hackers steal the text message and call the metadata, which was called and when the log.
Weeks later, instead of hack, the first case of accidental data exposure was. Spyphones are an Amazon-Hosted S3 storage bucket onlineWhich means anyone can see and download text messages, photos, audio recording, contacts, locations, scrambled passwords and login information, Facebook messages and more. All of these data were stolen from the victims, most of whom they did not know that they were being spy, the most sensitive personal data also said that everyone was on the Internet to watch.
Other Stackerware Companies that have left the data online irresponsible for years are FamilyRbit, which has left 281GB of personal data online Simply secured by a simple-smelling password; MSP, Which has leaked more than 2 million customer records In 2018; Xnore, which Let any customer see the personal data of another customer’s goalsThese include chat messages, GPS coordinates, emails, photos and more; MBIP, which contained 25,000 audio recording and 95,000 images On the server to someone who is to someone; Kidgard, who had one Incorrect configured server that leaks the contents of the victims; Pctattletle, which even before its hack Open screenshot of devices uploaded uploaded in real time Anyone who can access any website; And XNSP, whose developers Left credentials and personal keys on the code of applicationsAllowing someone to access the affected people to access data; And now Spyes, Cocrospi and SpikeThe victims opened messages, photos, call logs and other personal data, as well as the customer’s email addresses online.
Other stallerwear companies that were actually hacked except the spiox were hacked, there was no copy of 9, which was seen A hacker steals data of all his surveillance goalsCall recording, photos, contacts and history of brows, including text messages and WhatsApp messages; Lettmspie, Which hackers stopped after breaking and deleting the servers of the hackers; Brazil -based webdative, Which also delete its serversAnd Then hack again; Omandschi that supplies most of the back-end software for webdatives has been hacked; Spyhide, whose code had weaknesses This allows a hacker to access back-end databases And stealing data about 60,000 victims; Oops, Which was a rebuilding of spyhide, Close for the second time; And the latest MSPY hack, which is not related to the previously mentioned leak.
Finally there’s thetruthspy there, k Network of stackerware applicationsWhich contains suspicious records of having at least hacked or at least leaked data Three Apart CeremonyThe
Has been hacked, but unexpected
According to TechCrunch Tally, eight of these 25 Stalkerware companies have been closed.
In the first and so far unique cases, the Federal Trade Commission CEO of the forbidden Spyphone and its chief executive, Scott ZuckermanFollowing the previous safety break, the surveillance industry exposed the data from working in the industry to the victims. Another Stalkerware Operation associated with Zuckerman, which is called spitrack, Off Following a TechCrunch investigation.
PhonePoctors and HiSters, two more companies that have not been known to have been hacked, Also off New York’s Attorney General Company has clearly accused customers of encouraging them to use their software to use illegal surveillance.
However, closing an organization does not mean that it has gone forever. Like spyhide and spyphones, some of the same owners and developers have simply re -branded behind the shutter stackerware manufacturer.
Galperin said, “I think these hacks they do things they perform things, they give a touch of it,” said Galperin. “But if you think that if you hack a stallerware company, they will just shake their fists, curse your name, the blue smoke will disappear and never see it, it must not have happened.”
Gallperin added, “Frequently what happens, when you actually arrange to kill a stalkerware company, the stalkerware company comes like a mushroom after rain,” adds Galperine.
Have some good news. In a report last year, the security agency said Malwarbitis The use of stackerware is getting decreasedThis type of software is in accordance with the customer’s own data. Also, Galperin has reported the increase in negative reviews of these applications, customers or potential customers complain that they do not act as purpose.
However, Galperin said that it is possible that security agencies are not as good to identify stackerware, or stalkers have been removed from software-based surveillance from Airtag and other Bluetooth-enable trackers.
Galperin said, “The stackerware does not exist in the vacuum.
Don’t tell stalkerware
Using spyware to monitor your loved ones is not only immoral, it is also illegal in most jurisdictions, as it is considered as illegal surveillance.
This is an important reason not to use stackerware already. Then there is the problem that stalkerware manufacturers have again proved that they cannot keep data secure – not even the data or their targets or targets related to customers.
In addition to romantic partners and spies of spouses, some people use the stalkerware app to observe their kids. Although the use of this type, at least in the United States, legal, it does not mean that using stalkerware for your children’s phone is not horrible and immoral.
Even if it is legal, Galperin thinks parents should not talk about their children and spy without their consent.
If parents notify their kids and move on to them, parents should be away from the insecure and unfair stalkerware app and use the tracking equipment of the built -in parenting tools in it Apple phones and tablets And Android device That operates safely and external.
Restoring the breach and leaked
Here is the full list of stalkerware companies that have been hacked or sensitive data leaked from the chronological grades to 2017:
Updated on March 1925 to include SpyX as the latest violation of the stackerware supplier.
If you or someone you know requires help, National Domestic Violence Hotline (1-800-799-7233) provides the victims of domestic torture and violence 24/7 free, confidential assistance. If you are in an emergency situation please call 911. The Alliance against stalkerware If you think your phone is upset by spyware, there is resource.
