A data breach last year affected a consumer-grade spyware operating system known as SpyX. The breach also revealed that two related mobile apps had records of nearly two million people at the time of the breach, including thousands of Apple users.
The data breach can be traced back to June 2024, yet there have been no reports on the matter or any indication that SpyX’s operators ever informed their customers about what had happened.
Moreover, the SpyX family of mobile spyware is now the 25th mobile surveillance operation since 2017 to have experienced a data breach or exposed their victims’ or users’ data, TechCrunch reported. The incident also demonstrates that the consumer-grade spyware industry continues to grow rapidly while putting people’s private data at risk.
The breach has also raised concerns about how users, such as Apple customers, could be targeted more easily. Troy Hunt, the man behind Have I Been Pwned, a site that discusses and publishes information about data breaches, received a copy of the breached data, a document containing 1.97 million unique account records and their associated email addresses.
Hunt observed that the majority of the email addresses were associated with SpyX. The document also included fewer than 300,000 email addresses associated with two near-identical clones of the SpyX app, called MSafely and SpyPhone. He added that nearly 40% of the email addresses were already in Have I Been Pwned.
Hunt also marked the SpyX data breach in Have I Been Pwned, as he does with all spyware breaches. This allows only the person who has an affected email address to check whether their information is part of the breach.
SpyX is billed as mobile monitoring software for Android and Apple devices, and is also used for parental control of a child’s phone. Surveillance malware such as SpyX is also known as stalkerware, and operators sometimes promote their products as a way to spy on a family member or a partner, which is illegal without that person’s knowledge.
These apps are usually downloaded from outside the Google Play app store and also require some physical access to the victim’s device and a weakening of its security settings.