Table of contents:
Watch out for applications that promise to help you spy on your loved ones, because they can lead to frogs. The spying app for parents MSpy leaked private information of users in an open database The information has been given by Brian Krebs, a journalist who is an expert in cybersecurity.
It is the story of the hunted hunter. And it is not the first time it has happened, but the second in just three years. The application, which in principle helps users (after paying, of course) to spy on their children's devices, or even employees, has released a package with millions of data related to call records , text messages, contacts, notes, and location data.
The information that has been disclosed is part of the compilations carried out secretly in all those phones that had the famous spyware installed. mSpy logs could be consulted in their entirety, without the need to authenticate.
Five million records with private information
After discovering the leak, no more and no less than five million records with private information about users have been detected. According to this researcher, the data contained in this database are usernames, passwords, and private encryption keys for each of the service clients.
And these are all customers who logged in to mSpy or purchased a license to use the service in the last six months.These encryption keys, which are completely private, allowed anyone to track the location of devices, as well as view other important private details, on all computers that They also had the app installed. Here is the seriousness of the matter.
But unfortunately, this is not the only data that mSpy has leaked from users who have ever been linked to this application (spying or being spied on). According to those responsible for this investigation, among the data disclosed are the usernames and authentications of Apple iCloud, used from devices with mSpy installed. In addition, references to iCloud backup files are also noted.
What does this mean in practical terms? Well, any experienced person who has had access to this data will have been able to access WhatsApp and Facebook messages included in mobile devices that have had mSpy installed .
Includes, on the other hand, data on transactions carried out by mSpy licenses that have been acquired in recent months. Customer names, email addresses, postal addresses and amounts paid for the service are specified here. And we must add (it seems that the list of grievances does not end) the information about the browsers used and the Internet addresses linked to the users.
mSpy's reaction to the leaks
Unfortunately, the first reaction of mSpy managers was to avoid conversations with this expert. KrebsOnSecurity put them on alert and all he got was a block, even though he had asked to speak to the company's head of security.
A few days later, and after alerting the company to the leak on August 30, the person responsible for reporting the leak received an email from a certain Andrew, head of mSpy security, thanking him and telling him that they had prevented a much larger data breachIn that same email they indicated to the expert that they had found some unauthorized access points. The person in charge of KrebsOnSecurity saw evidence of his own access at those points.
