mSpy

mSpy is a United Kingdom‑based developer of mobile surveillance software that enables monitoring of Android and iPhone devices. The product provides access to call logs, text messages, emails, GPS location, browsing history, application usage and keystroke activity. It is sold through various subscription tiers aimed at customers seeking parental control, employee monitoring or similar oversight capabilities. Although marketed for legitimate supervision, the tool is frequently classified as stalkerware due to its covert data‑collection features.

In May 2015 the company suffered a significant security breach that exposed extensive personal data belonging to its users. The leaked information included emails, text messages, payment details, location logs, Apple IDs with passwords, photographs, calendar entries and customer support requests. Attackers released hundreds of gigabytes of intercepted communications and device tracking logs through a Tor‑hidden site, claiming the cache covered over 400,000 users and roughly 145,000 financial transactions. The breach demonstrated that mSpy’s surveillance platform was capable of harvesting a wide range of sensitive data from a large, international user base. Despite multiple outreach attempts, the company did not publicly acknowledge the incident following the deep‑web publication.

mSpy’s distinguishing technical capability lies in its ability to operate covertly on both Android and iOS systems while capturing keystrokes and detailed app usage in addition to conventional communication logs. The software is offered as a service with recurring subscription fees, positioning it within the commercial spyware market that serves individuals and organisations seeking remote device monitoring. Its cross‑platform reach and depth of data collection have been noted in security research as characteristic of advanced stalkerware solutions. These attributes differentiate mSpy from simpler monitoring tools that lack persistent, stealthy data‑exfiltration mechanisms.

A TechCrunch article dated February 2026 references an incident involving mSpy on 1 January 2024, although the public source does not disclose the nature or scale of that event. No further details about the 2024 incident are available in the supplied material, so its impact remains unspecified. The available information does not describe mSpy’s ownership structure, parent company or subsidiary relationships. Consequently, the organisation is presently identified primarily by its mSpy brand and its United Kingdom headquarters.