Exclusive: Hacktivist scrapes over 500,000 stalkerware customers' payment records

Exclusive: Hacktivist scrapes over 500,000 stalkerware customers' payment records

Briefly

"A hacktivist has scraped more than half-a-million payment records from a provider of consumer-grade "stalkerware" phone surveillance apps, exposing the email addresses and partial payment information of customers who paid to spy on others. The transactions contain records of payments for phone tracking services like Geofinder and uMobix, as well as services like Peekviewer (formerly Glassagram), which purport to allow access to private Instagram accounts, among several other monitoring and tracking apps provided by the same vendor, a Ukrainian company called Struktura."

"The customer data also includes transaction records from Xnspy, a known phone surveillance app, which in 2022 spilled the private data from tens of thousands of unsuspecting people's Android devices and iPhones. This is the latest example of a surveillance vendor exposing the information of its customers due to security flaws. Over the past few years, dozens of stalkerware apps have been hacked, or have managed to lose, spill, or expose people's private data - often the victims themselves - thanks to shoddy cybersecurity by the stalkerware operators."

"Stalkerware apps like uMobix and Xnspy, once planted on someone's phone, upload the victim's private data, including their call records, text messages, photos, browsing history, and precise location data, which is then shared with the person who planted the app. Apps like UMobix and Xnspy have explicitly marketed their services for people to spy on their spouses and domestic partners, which is illegal. The data, seen by TechCrunch, included about 536,000 lines of customer email addresses, which app or brand the customer paid for, how much they paid, the payment card type (such as Visa or Mastercard), and the last fo"