We reported last week that a spyware maker compromised users’ and victims’ sensitive information [view related post]. Since that time, another spyware maker, mSpy, which holds itself out as having over a million users employing its product to “spy” on their partners and children, has reportedly leaked the passwords, call logs, text messages, location data, contacts and notes of victims whose mobile phones are being spied on by others.
Apparently, a security researcher found an open database on the Internet that allows anyone to query mSpy records for customer transactions and mobile phone data with no authentication.
Some of the information that could be accessed includes an individual’s contacts, call logs, text messages, browser history, events, notes, WhatsApp, installed applications and Wi-Fi networks used. It is being reported that there were millions of records available. When mSpy was notified of the vulnerability, it took the files offline.
According to KrebsOnSecurity, MSpy was previously hacked in May 2015, and customer data was posted to the Dark Web.