Data security

This Spyware Data Leak Is So Bad We Can't Even Tell You About It

A company that sells consumer-grade software that lets customers spy on other people’s calls, messages, and anything they do on their cell phones left more than 95,000 images and more than 25,000 audio recordings on a database exposed and publicly accessible to anyone on the internet. The exposed server contains two folders with everything from intimate pictures to recordings of phone calls, given that the app markets itself mostly to parents.

Troy Hunt, a researcher who maintains the breach database Have I Been Pwned?, analyzed the database and said that there were around 16 gigabytes of images and around 3.7 gigabytes of MP3 recordings in it. Motherboard confirmed his analysis. (It’s hard to say how many unique pictures and recordings there are, however. Some pictures appear to have been uploaded multiple times.)

This breach is just the latest in a seemingly endless series of exposures or leaks of incredibly sensitive data collected by companies that promise to provide services for parents to keep children safe, monitor employees, or spy on spouses. In the last two years, there have been 12 stalkerware companies that have either been breached or left data exposed online: Retina-X (twice), FlexiSpy, Mobistealth, Spy Master Pro, SpyHuman, Spyfone, TheTruthSpy, Family Orbit, mSpy, Copy9, and Xnore.