A dubious sector thrives by catering to those who seek to covertly track and observe their family members. Marketed under the guise of fidelity checks, numerous software developers offer so-called stalkerware to suspicious individuals, enabling invasive access to private mobile devices.
Alarmingly, the security of the highly delicate data gathered through these means is frequently compromised, leading to significant data breaches.
TechCrunch’s investigations reveal a concerning trend: since 2017, no fewer than 21 stalkerware providers have experienced data breaches or inadvertently disclosed client and victim information online. This figure includes companies that have fallen victim to cyberattacks multiple times.
In the year 2024 alone, the industry has seen four major breaches, the latest implicating Spytech, an obscure spyware firm from Minnesota. This incident laid bare activity logs from monitored devices. Prior to this, mSpy, a notorious stalkerware app, suffered a breach that compromised millions of customer support inquiries, along with the personal details of countless users.
Previously, an attacker infiltrated pcTattletale, a U.S.-based stalkerware provider, leaking internal data and defacing the company’s homepage—a move aimed at humiliating the firm following reports of its use in monitoring U.S. hotel computers.
Following these cybersecurity incidents, pcTattletale’s Bryan Fleming announced the closure of his business.
Consumer spy apps like mSpy and pcTattletale, notorious as “stalkerware” or “spouseware,” are often utilized by suspicious partners for clandestine surveillance. Explicit marketing encouraging such use has led to legal battles, investigative reports, and evidence linking such surveillance to real-world harm.
The repeated targeting of these companies by hackers underscores a vulnerability within this industry.
Eva Galperin of the Electronic Frontier Foundation points out the industry’s lax security measures and dubious ethical standards.
Given these recurrent security flaws, individuals using stalkerware not only potentially engage in illegal activity but also jeopardize sensitive data, including that of the individuals they spy on.
An Overview of Stalkerware Security Incidents
The wave of security breaches targeting stalkerware vendors started in 2017 with attacks on Retina-X and FlexiSpy, revealing an international customer base of 130,000.
The hackers, claiming the moral high ground, aimed to dismantle what they viewed as a morally reprehensible industry.
Despite previous breaches and scrutiny, some stalkerware providers like FlexiSpy remain operational, while others, like Retina-X, have shuttered post-hack.
The history of these breaches depicts both targeted attacks and accidental exposures, underscoring the industry’s persistent security lapses.
Compromised Yet Unchanged
Out of 21 reported cases, eight stalkerware services have closed. Despite regulatory actions, the cycle of shutdown and rebranding continues, with some operators launching new ventures under different names.
While hacks have disrupted operations, they’ve not eradicated the problem. Stalkerware companies often resurface, adapting to continue their surveillance activities.
According to Malwarebytes, the use of stalkerware is on the decline, yet concerns remain regarding detection capabilities and the potential shift towards physical tracking methods.
Rejecting Stalkerware
Employing spyware for surveillance transcends ethical boundaries and often breaches legal constraints against unauthorized monitoring.
The same security risks and ethical concerns apply when such software is used for parental monitoring, which calls for caution and transparency.
Summary of Security Failings
This list documents the stalkerware entities affected by security breaches or data leaks since 2017, highlighting ongoing vulnerabilities within the sector.
Updated on July 25 to note Spytech’s recent data breach.
For individuals in need, the National Domestic Violence Hotline (1-800-799-7233) offers round-the-clock confidential support. The Coalition Against Stalkerware provides resources for those suspecting phone compromise by spyware.
Compiled by Techarena.au.


