Mobile Spyware Maker mSpy Leaks Data Again

mSpy arethe makers of a software-as-a-service product that helps more than a million paying customers spy on the mobile devices of their kids and partners, and it has again has leaked millions of sensitive records online, including passwords, call logs, text messages, contacts, notes and location data secretly collected from phones running the spyware.

The most recent breach, first reported by security journalist Brian Krebs on Tuesday, involves what he says is millions of sensitive records published online, “including passwords, call logs, text messages, contacts, notes and location data secretly collected from phones running the stealthy spyware.”  The open database was discovered by security researcher Nitish Shah.

The Krebs website reports:

In addition, the database included the Apple iCloud username and authentication token of mobile devices running mSpy, and what appear to be references to iCloud backup files. Anyone who stumbled upon this database also would have been able to browse the WhatsApp and Facebook messages uploaded from mobile devices equipped with mSpy.

Nitish Shah said he was ignored when he tried to report the breach to mSpy. Brian Krebs had better luck after he contacted the company on 30th August, and he got this reply from mSpy’s chief security officer.