Developer of the spying app mSpy leaks millions of records. Again

The database of the app used for spying is found unprotected

The app that allows people to spy on their loved ones had been leaking the data of their users the second time in three years.

According to KrebsOnSecurity, there is a great danger in the use of mSpy – an app used for spying on kids, partners, and other people without letting them know about that. The app has been found to fail to protect its users' data by keeping these records in the open database on the Internet. Leaked information includes passwords, Facebook and WhatsApp messages, iCloud data, and other records from users of the official site and mobile app.

As the post regarding this issue notes^[1], the database was available to anyone on the Web, and it required no authentication. Records included details about the transactions of mSpy licenses purchased in the last six months were accessible to anyone. It means that the name, email address, paid amount and mailing address were leaked to the public. Information regarding the user internet habits and device details^[2] were also in the same place.

At the moment of writing, the database is taken offline. However, there was a specific period when all of these records were accessible to everyone. The leaked data belongs to customers and people who have no idea that mSpy was used to spy on their activity.

Not the first time the developer is dealing with the leak of sensitive data

In 2015^[3] the same company had a data breach that exposed various information as well. This time, the hole exposed thousands of kids to online predators when emails, text messages, locations, payment details, and other information was posted on the Deep Web^[4]. In this case, almost 40 percent of the mSpy users were parents spying on their kids.

Brian Krebs, the popular investigator on cybersecurity, stated in his March of 2015 report:

It’s ironic that so many parents have now unwittingly exposed their kids to predators, bullies and other ne’er-do-wells thanks to this breach.

All those emails, text messages, payment credentials, and locations were posted on the Tor network^[5]. The leaked data also included more than four million events which were recorded by the allegedly safe spying app mSpy. It contained Apple identification and passwords, other tracked data and credit information, various payment details. The hackers responsible for this stated that they leaked data from more than 400 000 users.

mSpy has nothing to do with safeness

mSpy is a software-as-a-service that officially was designed to allow parents to spy on the devices of their children. This application is still highly criticized because this program is considered spyware. However, many people use this app to spy on their kids or the loved ones. Because of these data leaks, the debate about safety of this software significantly widens.

The developers of the mSpy have been using the following statements while presenting their app to their customer:

mSpy is the most popular monitoring and safety application in the market with millions of satisfied users around the globe. Our discreet software works by tracking all activity in the background of the monitored phone including GPS location, web history, images, videos, email, SMS, Skype, WhatsApp, keystrokes and much more. The easy to use control panel, 24/7 live customer support and 256 bit encryption makes mSpy the best solution out there for keeping your children safe and workers productive.

However, many cybersecurity experts do not agree with the alleged safety aspect of this app. This spyware can be used to spy on any individual, and that leads to real crime. These data leaks can also lead to data or identity theft. Any software that gathers information like credit card numbers, emails, passwords or any internet habits regarding data, can be potentially dangerous. You shouldn't use any of these applications for your own security.