Wednesday, 5 September 2018

On 15:08 by admin   5 comments
mSpy is the creator of a mobile monitoring software, primarily focused toward parents as a way of keeping track of their children's activities on their phones. The software has attracted negative attention since its launch in 2010, especially with regards to the ethics involved, as the premise of the app is highly controversial. In 2015, the company suffered a data breach which led to customer data being posted on the dark web.

Now, more than three years later, the company is involved in another massive controversy, as per a report by Brian Krebs from KrebsOnSecurity. According to the cybersecurity expert, mSpy leaked sensitive information - including usernames and passwords - of more than a million of its paying customers and devices targeted by the spy software.
All private information could reportedly be observed on a database on the open web that required no authentication whatsoever to access. The amount of sensitive user data that was on display before the database was taken offline yesterday is not something that will be taken lightly by the app's customers. Usernames, passwords, and encryption keys of users who purchased an mSpy license any time over the last six months, or even simply logged in to the company's website was available. Quite importantly, the aforementioned key would have enabled anyone to track the mobile device running the software.

That's not all, however. Customer names, email addresses, transaction details of all licenses purchased, user logs, and more were leaked as well. The records exposed were not limited to only user data relevant to mSpy. The database also included browser information, Apple iCloud username and authentication token, and WhatsApp and Facebook messages of users who had the mSpy mobile app installed. Furthermore, user activity was viewable in live time as well.
Security researcher Nitish Shah, who initially became aware of this incident, says that the spyware company's support personnel were unhelpful when he reported his findings to them, and that they blocked him when a demand to allow contact with the CTO or Head of Security was made. On the other hand, KrebsOnSecurity contacted mSpy last week as well, and received a reply via mail yesterday. The email was sent by the company's Chief Security Officer and read as follows:
"We have been working hard to secure our system from any possible leaks, attacks, and private information disclosure. All our customers’ accounts are securely encrypted and the data is being wiped out once in a short period of time. Thanks to you we have prevented this possible breach and from what we could discover the data you are talking about could be some amount of customers’ emails and possibly some other data. However, we could only find that there were only a few points of access and activity with the data."
The firm did not state the amount and scope of data leaked, rather terming it as a "possible breach" of "only a few points of access and activity". Although, as stated above, the database has since been taken offline, a massive data leak such as this certainly puts the company's security policy in question. Furthermore, given that many of mSpy's paying customers are parents who use the app to spy on the activities of their children, it makes the breach of their own privacy somewhat ironic.

Source: KrebsOnSecurity


  1. Hello everyone! i want to publicly appreciate the effort of spytechenterprise@ for helping me hack my partner’s
    phone without access to the phone and my partner did not figure or suspect anything, he his also reliable with all social media account hack such as facebook and lots morei want to recommend him for you all,
    he is fast and highly reliable…He would be willing to help you….or call +1 315 355 0337 you can contact us on instagram @privatespyhacker

  2. My husband and i got Married last 3 year and we have been living happily for a while. We used to be free with everything and never kept any secret from each other until recently everything changed when he got a new Job in NewYork 2 months ago.He has been avoiding my calls and told me he is working,i got suspicious when i saw a comment of a woman on his Facebook Picture and the way he replied her. I asked my husband about it and he told me that she is co-worker in his organization,We had a big argument and he has not been picking my calls,this went on for long until one day i decided to notify my friend about this and that was how she introduced me to Mr James a Private Investigator  who helped her when she was having issues with her Husband. I never believed he could do it but until i gave him my husbands Mobile phone number. He proved to me by hacking into my husbands phone. where i found so many evidence and  proof in his Text messages, Emails and pictures that my husband has an affairs with another woman.i have sent all the evidence to our lawyer.I just want to thank Mr James for helping me because i have all the evidence and proof to my lawyer,I Feel so sad about infidelity. you can contact him on gmail (worldcyberhackers) or WhatsApp : +12678773020

  3. Today I am Teaching you that How to Jio recharge with your my jio app and use vouchers,

  4. Before introducing these best you should ensure that the objective telephone and your telephone are associated with the web.