mySpy- a corporation that provides an all-in-one solution for parents and partners to spy on their children or significant others respectively has disclosed an accidental leak that has jeopardized millions of private records. These records include sensitive data like passwords, text messages, contacts, call logs and even WhatsApp messages.
According to KrebsonSecurity, who initially reported the news,
Less than a week ago, security researcher Nitish Shah directed KrebsOnSecurity to an open database on the Web that allowed anyone to query up-to-the-minute mSpy records for both customer transactions at mSpy’s site and for mobile phone data collected by mSpy’s software. The database required no authentication.
Before it was taken offline sometime in the past 12 hours, the database contained millions of records, including the username, password and private encryption key of each mSpy customer who logged in to the mSpy site or purchased an mSpy license over the past six months. The private key would allow anyone to track and view details of a mobile device running the software, Shah said.
This isn’t the first time mySpy has accidentally impended crucial information. User data of an unknown number of people were stolen from the company’s database and uploaded to the dark web back in May 2015. The stolen data contained similar information as in today’s leak.
However, it is a criminal offense to sell spyware in the US- the country in which mySpy is based. But, the company goes to some extents to hide its activities to avoid legal issues. It’s not clear what?
Signing up for the service requires your iCloud credentials to spy on others.