Cyber Incident Victim: mSpy
Date: May 2015
Location: United States of America
Summary
A mobile spyware provider suffered a significant breach, exposing extensive customer data including emails, text messages, payment details, location information, Apple IDs with passwords, photos, calendar entries, and support requests. Attackers leaked hundreds of gigabytes of intercepted communications and device tracking logs through a Tor-hidden site, claiming the cache contained information from over 400,000 users and 145,000 financial transactions. The compromised surveillance software had enabled monitoring of Android and iPhone activities, capturing app usage and keystrokes for clients who purchased various subscription tiers. The company did not publicly acknowledge the incident despite multiple contact attempts following the deep web data publication.
Description
In May 2015, mSpy—a provider of mobile surveillance software marketed for monitoring children and partners—suffered a significant breach resulting in the exposure of extensive customer data. The incident came to light when an anonymous source alerted KrebsOnSecurity to a Tor-hosted website containing hundreds of gigabytes of stolen data from mSpy’s servers. Hackers claimed the cache included over four million logged events and information on more than 400,000 users, though the exact number of affected individuals remained unverified. The compromised data encompassed Apple IDs, passwords, device tracking records, payment details from approximately 145,000 transactions, and support request emails submitted by customers globally. mSpy’s software enabled subscribers to monitor locations, intercept communications from apps like Snapchat and Skype, and capture keystrokes on Android and iOS devices, amplifying the sensitivity of the leaked information.

The stolen records revealed private communications, photos, calendar entries, corporate emails, and payment records linked to subscriptions ranging from $8.33 to $799. Customer support emails demonstrated the global reach of mSpy’s user base, with individuals seeking assistance in deploying the spyware. Despite multiple contact attempts by KrebsOnSecurity over five days, mSpy issued no public statements acknowledging the breach or detailing mitigation efforts. The attackers’ Tor-based leak site emphasized the scale of the intrusion, which exposed not only surveillance targets’ data but also the identities and financial information of those using mSpy’s services. The incident underscored risks inherent in spyware operations, where compromised infrastructure could simultaneously betray both perpetrators and victims of surveillance.
