mSpy Leaks Again
Mobile spyware developer mSpy has leaked the information of its large subscriber base for the second time in three years. According to the London-based company, approximately 40% of their users are parents interested in keeping tabs on their kids. This latest leak exposed login credentials and encryption keys linked to accounts, which provided open access to personal iCloud accounts and backup files, and Whatsapp and Facebook messages uploaded from mobile devices with mSpy. In its entirety, the leak exposed millions of records, including that of new users and their transaction details. This is not the first time mSpy has failed at protecting user data. In 2015 the system was hacked and customer data was posted on the dark web.
It took the company over a week to acknowledge the claims and over two weeks to disable links to screenshots on their servers. This new lapse in security comes weeks after a hacker reportedly broke into the servers of another mobile spyware service company, TheTruthSpy, stealing logins, audio recordings, text messages and pictures from mobiles equipped with its spy software.
Takeaways:
If you are considering subscribing to a spyware service, educate yourself on their record of the data security.
Proactively control passwords and use different passwords for all banking, email, and personal accounts; change passwords every few months.
Implement two-factor authentication for highly sensitive accounts.