There is a whole dark industry for people who want to monitor and monitor their families. Multiple application manufacturers sell their software – sometimes called Tracker software – Jealous partners can use these apps remotely to access victims’ phone calls.
However, despite how sensitive this data is, more and more of these companies are losing a lot of data.
According to the count of TechCrunch, count SPYX’s latest data breachSince 2017, at least 25 Stalkerware companies have been hacked or leaked data from customers and victims online. This is not a typo: in recent years, at least 25 Stalkerware companies have been hacked or exposed by a large amount of data. Four Stalkerware companies have been hacked several times.
SPYX is reported this year that the latest Stalkerware provider has been violated, although the breach itself dates back to mid-2024. The violations show that Spyx series of applications have damaged private phone data from nearly 2 million victims.
The spy violation is after data is exposed Spyzie,,,,, But the Soviet Union and the spy According to a security researcher, surveillance operations discovered that millions of victims were exposed online, leaving messages, photos, call logs, and other personal and sensitive data.
Before this year, there are at least four huge Stalkerware hacks in 2024. Spytech, a little-known spyware maker based in Minnesotaactivity logs monitored from mobile phones, tablets and computers using spyware. Before that, MSPY was one of the longest Stalkerware applications that violated Millions of customer support ticketswhich includes personal data from millions of customers.
It was an unknown hacker before Breaking into the Stalkerware Maker Pctattletale server in the United States. The hacker then stole and leaked the company’s internal data. They also defamed Pctattletale’s official website with the goal of embarrassing the company. Hacker mentions recent TechCrunch article PCTATTLETALE is used to monitor several front-end boarding computers In the American hotel chain.
Because of this hack, leak and shameful operation, PCTATTLETALE founder Bryan Fleming Say he is closing His company.
Consumer spyware applications such as Spyx, Cocospy, Mspy, and Pctattletale are often referred to as “Stalkerware” (or spouse software) because jealous spouses and partners use them to secretly monitor and monitor loved ones.
These companies often capture cheating partners by encouraging illegal and immoral behavior to explicitly market their products as solutions. and There are multiple court cases,,,,, News Investigation and Investigation on domestic abuse shelters This suggests that online tracking and monitoring can lead to real-world cases of harm and violence.
That’s why hackers repeatedly target some of these companies.
Eva Galperin, director of cybersecurity at the Electronic Border Foundation and director of cybersecurity who has investigated and fought with Stalkerware for many years, said the Stalkerware industry is a “soft target.”
“The people who run these companies may not be the harshest or the most concerned about the quality of their products,” Galperin told TechCrunch.
Given the historical compromises in tracking devices, this may be an understatement. And, due to the lack of care to protect one’s own clients – the use of personal data of these applications and the personal data of thousands of uninformed victims is dual. Stalkerware customers may be breaking the law by illegally surveillance of their partners and most importantly, putting everyone’s data at risk.
The History of Stalkerware Hacks
Stalker software rupture began in 2017 when a group of hackers Violating the Retina-X of the United States and Flexibility based on Thailand Back to back. The two hackers revealed that the companies have 130,000 customers worldwide.
At the time, hackers (proudly) claimed responsibility for compromise made it clear that their motivation was to expose and hope to destroy industries they considered toxic and immoral.
One of the involved hackers told the board: “I’m going to burn them on the ground and absolutely nowhere to cover them up.”
The hacker mentioned Flexispy, adding: “I hope they will crash and fail as a company and have some time to reflect on what they do. However, I’m worried that they might try to give birth to themselves again in new forms. But if they do, I’ll be there.”
Despite hacking and years of negative attention, Flexispy is still active today. The same thing can’t be said about Retina-X.
Hackers breaking into Retina-X wiped the server with the goal of hindering its operations. The company rebounds – Then again hacked a year later. A few weeks after the second violation, Retina-X announces closing.
A few days after the second retinal X violation, Hackers attack Mobistealth and Spy Master Prostealing gigabytes of customer and business records, as well as intercept messages and precise GPS locations for victims. Another tracker software provider, India-based spyA few months later, the same fate came across, with hackers stealing text messages and calling metadata containing logs on who called who and when.
A few weeks later, the first case of unexpected data exposure, not hackers. Spyfone Online Leaves an Amazon-hosted S3 Storage Bucket Onlinewhich means that anyone can see and download text messages, photos, recordings, contacts, locations, passwords and login information, Facebook messages and more. All this data was stolen from the victims, most of whom were unaware that they were surveillance, let alone that their most sensitive personal data was also available to everyone on the internet for viewing.
Over the years, other irresponsible Stalkerware companies have left customers and victims’ data online Protected only by easy-to-find passwords; MSPY, Leaked more than 2 million customer records 2018; Xnore, which one Let any customer see the personal data of other customer targetswhich includes chat messages, GPS coordinates, emails, photos, etc.; Mobiispy, left behind 25,000 recordings and 95,000 images On a server that anyone can access; Kidsguard, there is one Misconfigured server that leaks victim content; PCTATTLETALE, before hacking Nude screenshots of victim devices uploaded in real time to websites that anyone can access; and XNSpy, its developers Left credentials and private keys left in application codeallows anyone to access the victim’s data; now Spyzie, Communicating circles and spiesThis makes victims’ messages, photos, call logs and other personal data, as well as customers’ email addresses, open online.
As for other stalker companies that were actually hacked, in addition to spies, there is also Copy9, see Hackers steal data from all their surveillance targetsincluding text messages and WhatsApp messages, call recordings, photos, contacts and browsing history; LETMESPY, Hacker violated and wiped the server and closed it;Brazil-based WebDetive, This also wiped the serverand Then invade again;Providing many backend software for WebDetive, it has also been hacked; Spyhide, its code is fragile This allows hackers to access the backend database Data from about 60,000 victims have been stolen over the years; oospy, This is a rebranding of spies. The second shutdown; and the latest MSPY hack, not related to the aforementioned leak.
Finally there is one Stalkerware Application Networkwhich has suspicious records of being hacked or at least leaked data three Separation occasion.
Hackered, but not considered
According to Tally of TechCrunch, eight of the 25 Stalkerware companies have been closed.
In the first case so far, the Federal Trade Commission Spyfone and its CEO Scott Zuckerman is prohibitedafter revealing victim data from earlier security errors, operations in the surveillance industry. Another stalker operation linked to Zuckerman, called Spytrac, Then close After TechCrunch investigation.
Phonespector and Highster, two other companies that have not been hacked yet Close also The New York Attorney General accused the companies of explicitly encouraging customers to use their software for illegal surveillance.
But the company closure does not mean it has disappeared forever. Like Spyhide and Spyfone, some owners and developers behind closed Stalkerware Maker simply renamed it.
“I do think these hacks do things. They do get things done, they do get stuck,” Galperin said. “But if you think if you cracked a Stalkerware company, they just shaking their fists, cursing your name, disappearing into a smog of blue smoke and never seeing it again, that’s definitely not the case.”
“When you actually manage to kill Stalkerware, what happens is that Stalkerware appears like mushrooms after the rain,” Galperin added.
There is some good news. In a report last year, security firm Malwarebytes said Stalkerware usage is decliningbased on its own data, was infected with this type of software. Additionally, Galperin reported that negative comments from these apps have increased, with customers or prospects complaining that they are not working as expected.
But security companies may not be very good at detecting stalker software, or stalkers have moved from software-based surveillance to physical surveillance enabled by AirTags and other Bluetooth-enabled trackers, Gaperlin said.
“There is no tracking device in the vacuum. The Stalker is part of the entire world of technology abuse,” Gaperlin said.
Say no to tracking devices
Using spyware to monitor your loved ones is not only immoral, but it is also illegal in most jurisdictions because it is considered illegal surveillance.
This is no longer an important reason for not using Stalkerware. Then there is a problem, and stalker software manufacturers prove time and again that they cannot ensure data security – neither data, victims or targets that belong to customers.
In addition to monitoring romantic partners and spouses, some people use the Stalkerware app to monitor their children. While this type of use is legal in the United States at least, that doesn’t mean using Stalkerware to snoop on a child’s phone isn’t creepy and immoral.
Even if it is legal, Galperin believes that parents should not monitor their children without telling them, without their consent.
If parents do notify their children and accept their approval, parents should stay away from unsafe and distrustworthy Stalkerware apps and use built-in parent tracking tools Apple phones and tablets and Android devices Safer and open to operation.
A review of vulnerabilities and leaks
Here is the complete list of Stalkerware companies that have been hacked or leaked sensitive data since chronological order:
Updated March 19, 2025, including Spyx as the latest violation to Stalkerware provider.
If you or someone you know of in need, the National Domestic Violence Hotline (1-800-799-7233) provides free, confidential support for victims of domestic abuse and violence. If you are in an emergency, call 911. Alliance against tracking If you think your phone has been compromised by spyware, please provide resources.
