mSpy Faces Major Data Breach Following Cyber Attack

phishing attacks image

mSpy, a popular cell phone tracking software utilized by millions, has recently made headlines due to a significant cyber attack that has compromised the data of countless customers.

As reported by Cybersecurity Insiders, hackers successfully breached the Zendesk-powered customer support server belonging to the phone spyware company. This incident resulted in the exposure of sensitive customer information, including personal details, email addresses, attachments, customer support tickets, and some confidential company data.

The investigation indicates that the breach has revealed data dating back to 2014, encompassing millions of records generated by the mSpy application from users worldwide.

Developed by the Ukraine-based company Brainstack, mSpy is commonly employed by parents to monitor their children and by individuals to keep track of their partners and relatives. The software can log call records, photos, contacts, videos, and other data, transmitting this information to mSpy’s servers for analysis and storage.

Additionally, some government agencies install this spyware on devices issued to employees and personnel, allowing them to monitor their activities discreetly.

Troy Hunt, the creator of the service Have I Been Pwned, obtained the complete dataset and analyzed over 2.4 million email addresses associated with mSpy customers. Alarmingly, he found that all the data was accurate and still active, raising concerns about potential phishing attacks and social engineering threats that could arise from such a breach.

The affected individuals include a range of sensitive roles, including federal agents, judges, military personnel, and members of secret intelligence services.

It remains unclear whether the hackers infiltrated the Zendesk servers directly or accessed mSpy’s database, which stores transposed data for continuity purposes.

Ad
Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display