Cyber Incident Victim: Spy Master Pro

In February 2018, a hacker breached two consumer spyware companies, Mobistealth and Spy Master Pro, stealing extensive customer data and intercepted communications. The compromised data included gigabytes of customer records, business information, alleged text messages, and historical GPS locations from infected devices. Spy Master Pro’s data specifically contained thousands of text messages and location records harvested from monitored phones, revealing personal conversations and movements. Motherboard verified the authenticity of customer accounts by successfully triggering password resets using usernames from the dump, contacting individuals identified in the data, and confirming email associations with customer support representatives. Neither company responded to multiple requests for comment regarding the breach. The stolen data exposed tens of thousands of customer accounts, highlighting the scale of the compromise.

The incident underscored the controversial nature of stalkerware tools, which both companies marketed for spying on spouses despite potential legal violations. Spy Master Pro’s Valentine’s Day blog post explicitly promoted using its software to test a partner’s loyalty, while Mobistealth support previously advised a Motherboard investigator posing as a customer on monitoring a spouse. The hacker, who remained anonymous, criticized the companies for enabling stalking and domestic abuse while operating with “hilariously vulnerable” security. Intercepted messages in the data dump included intimate exchanges, such as discussions of infidelity and family counseling, illustrating the invasive capabilities of the malware. Although some customers legally used the software to monitor children or employees, the breach revealed widespread misuse for unauthorized surveillance, compounding privacy harms with inadequate data protection. No containment actions or responses from the affected companies were documented.