mSpy, who builds software to spy on phones, reportedly fled millions of records



[ad_1]

Photo: Leon Neal (Getty Images)

mSpy, a company that markets software designed to allow users to spy on their children, partners, or anyone else they want to monitor, has exhibited more than two million records, including software purchases and brand names. 'iCloud users and authentication tokens,' reports TechCrunch.

According to CNET, mSpy markets its software as "the ultimate monitoring software for parental control". But this is part of a large family of spyware applications that have drawn the attention of federal prosecutors in the past, such as the 2014 indictment and the guilty plea of ​​Pakistani businessman Hammad Akbar. Although mSpy has exclusions from the use contract saying that the software can not be used for illegal purposes, many users buy subscriptions for this specific purpose, which is why these applications are sometimes called "stalkerware".

The leak first appeared via developer Nitish Shah, whom security researcher Brian Krebs wrote on his blog to report a vulnerability in mSpy's online database. The unsecured database did not require authentication and "allowed anyone to query last-minute mSpy records for client transactions on the mSpy website and for mobile phone data collected by the mSpy software" , writes Krebs.

The database has since been restricted after Krebs contacted mSpy's managers, but according to screenshots posted on his site, anyone who discovered the violation could have access to the call logs, texts, WhatsApp and Facebook messages of people with the mSpy software running on their phones. The mSpy company's internal data that was exposed "included the transaction details of all mSpy licenses purchased within the last six months, including the customer's name, email address, mailing address and amount. paid, "added Krebs.

That is, the spy could have become the spy too.

In an e-mail addressed to Krebs, a mSpy staff member identifying himself as the company's security officer acknowledged the violation, but stated that the receivables were "securely encrypted" and that only a few people had access to the data.

This is not the first time that mSpy has released data, according to Krebs. In 2015, in a few weeks, the service would have experienced two separate security vulnerabilities.

[TechCrunch/Krebs on Security]
[ad_2]
Source link