A Major Data Breach Exposes Millions of mSpy Spyware Customers

A data leak at mSpy, a phone monitoring application, has affected millions of clients worldwide. 

The breach, which occurred in May 2024, exposed a massive amount of customer support data, including emails, personal information, and even attachments. 

This leak not only reveals the identity of mSpy customers but also the Ukrainian software company that created the app, Brainstack, which had so far operated in secret.

mSpy Suffers Third Data Breach in Six Years

According to reports, the phone tracking software mSpy has released personal information from millions of users and businesses who have purchased access to the service over the last decade. 

This is the third time mSpy has exposed users' personal information since 2018.

mSpy is a smartphone program that lets you watch your children, spouses, and subordinates. The person who installs mSpy can remotely monitor the data of the target's cell phone in real-time.

This time, a customer support system provided by spyware maker Zendesk was compromised, resulting in the theft of customer care records from 2014.

Breach is Big Yet Hackers are Unknown

In May 2024, unidentified cybercriminals stole millions of customer support tickets, containing personal information, emails to support, and attachments, such as personal papers, from mSpy. 

While spyware hacks are growing more prevalent, they are remarkable because very sensitive personal information is frequently contained in the data, in this case about the users who use the service.

More than 100 gigabytes of Zendesk records, including millions of individual customer service tickets, email addresses, and email content were exposed in the breach.

New sensitive breach: mSpy had 2.4M unique email addresses exposed in a 318GB breach last month. Data included name & IP address in user records & support tickets, plus photos of credit cards & nude selfies. 54% were already in @haveibeenpwned. More: https://t.co/3wTQtlBj13

— Have I Been Pwned (@haveibeenpwned) July 11, 2024

Is Ukrainian Tech Company Brainstack Behind mSpy Data Breach?

The data leak of mSpy's Zendesk data revealed its parent business, Brainstack, a Ukrainian IT company.

mSpy is not mentioned on the Brainstack website. Brainstack exclusively discusses its work on an unidentified "parental control" app. However, the internal Zendesk data dump demonstrates that Brainstack is heavily and closely involved in mSpy's activities.

In the leaked Zendesk data, it is discovered that records contain information about plenty of employees with Brainstack email addresses. 

Many of these workers were involved in mSpy customer assistance, such as answering customer queries and processing refund requests.

UKRAINIAN SPY DETAINED IN LUGANSK REPUBLIC - recruited by Ukrainian intelligence as far back as 2019.

The man collected and transmitted personal data about Russia's border guards - Federal Security Bureau (FSB.) pic.twitter.com/0JrfoYdyIv

— Tony (@Cyberspec1) April 5, 2024

The compromised Zendesk data comprises the real identities and, in some cases, the phone numbers of Brainstack workers, as well as the fake names that they used when replying to mSpy client tickets to hide their own identities.

Questions are Arising About mSpy Privacy and Legality

The mSpy data breach shows the risks of spyware, both for individuals being observed and those using the service. 

The leaked client data raises concerns about legality and ethics, while also revealing the previously unknown Ukrainian corporation behind mSpy. 

This event serves as a sharp reminder of the necessity of data security and its effects on those who utilize such intrusive spying methods.

You can consider using PurePrivacy to keep your data safe from malicious apps and websites.