In this week, Krebs on Security has revealed that the mSpy has leaked about the millions of data of all the paying customers online. In this leaked data, it has included all the passwords, text messages, call logs, notes, contacts location as well as Apple iCloud usernames and authentication tokens.
mSpy is the mobile app that can help the people who are on Android as well as on iOS to spy on kids, partners and many more. mSpy is the software that can be installed on the devices. Since the news of data leaks surfaced out, the company has now taken down the database.
As per the Security researcher, Nitish Shah, who was first discovered about this breach and contacted the company. But his alerts are being ignored till KrebsOnSecurity contacted mSpy about this issue. Shah said that before it was taking down in the past 12 hours, the database has contained about millions of records that include the password, username as well as private encryption key on the mSpy customer who has logged in to the mSpy site. The user who has purchased the mSpy license during the last six months, their private key will be allowed to anyone to track as well as to view the details which are about the mobile device that runs during the software.
All the exposed data from the company has contains all types of the sensitive data that includes iCloud username along with the authentication token of mobile devices that uses mSpy and iCloud backup files. The transactions details of the mSpy licenses purchases during the last 6 months were got exposed which includes the name of the buyer, mailing address, email address or even the amount paid to it.
As per Krebs On Security, the data that was easily accessible as it does not require any type of authentication. It was like an open database on the Web which has allowed anyone to query up to the minute mSpy records in which it includes both customer transactions at mSpy’s site and also for mobile phone data that was collected by mSpy’s software.
The chief security officer of mSpy has assured in the blog post that every possible step have been taken in order to prevent the data from getting misused. Till now it is unclear that who is behind the incident. This incident has made all the paid customers unhappy.