mSpy Database Leaked Online, 400,000 Clients Affected

mSpy hack

Another leak? Or Sabotage Attempt? An unknown hacker reportedly broke into mSpy's client database and posted the stolen sensitive information on the dark web.

Basically, mSpy is a service that offers monitoring software for mobile devices. mSpy mobile app has the ability to retrieve call logs, impose restrictions to certain phone numbers, check text messages, access emails, view browser history and spy on instant messaging activities.

The leaked information include Apple IDs and passwords, tracking data, payment details, photos, calendar data, corporate email threads, and very private conversations. It also include thousands of support request emails from people around the world who paid between $8.33 to as much as $799 for a variety of subscriptions to mSpy’s surveillance software.

Security blogger Brian Krebs, who reported the breach, said in a blog post, "KrebsOnSecurity learned of the apparent breach from an anonymous source who shared a link to a Web page that is only reachable via Tor."

"The Tor-based site hosts several hundred gigabytes worth of data taken from mobile devices running mSpy’s products, including some four million events logged by the software."

But the mSpy denied that it's servers had been hacked. The company representative said that the news was a sabotage attempt from its competitors. 

"mSpy provides a 100% secure solution for your smartphone monitoring. The activity logs transferred to our server are encrypted and stored anonymously to prevent third-party snooping and interception. We guarantee that no one else can access your data,” the representative added.

These revelations from the company's representative would contradict the information accessed by Krebs, but  it would not be the first time a company tries to cover a security breach to maintain its business.

No comments

Powered by Blogger.