I spy another mSpy breach: Millions more stalkerware buyers exposed

2024-07-15 02:01

Infosec in brief Commercial spyware maker mSpy has been breached - again - and millions of purchasers can be identified from the spilled records.

"Comprising 142GB of user data and support tickets along with 176GB of more than half a million attachments, the data contained 2.4M unique email addresses, IP addresses names and photos," the mSpy entry on Have I Been Pwned reads.

Several folks included in the breach list have been contacted and the legitimacy of their data verified, it's been reported elsewhere.

mSpy was previously breached in 2015, with some 400,000 users' data published on the dark web - messages, payment details, account credentials, photos and more were dumped online.

mSpy is not the only stalkerware company to suffer a data breach: LetMeSpy was hit so hard in 2023 it shut down, and the same fate befell pcTattletale, which closed up shop earlier this year after a similar experience.

An international review of "Dark patterns" that manipulate consumers into giving up data and privacy in apps and on websites has found what you probably can already guess: they're everywhere.

News URL

https://go.theregister.com/feed/www.theregister.com/2024/07/15/infosec_roundup/

#breach #SPY