mSpya, an iPhone spyware company, has leaked millions of sensitive records via a massive data breach. This includes sensitive Apple iCloud account info, which might prove to be a major concern for the iOS users since it includes passwords, call logs, text messages, contacts, notes and data concerning the location of the user.
mSpy is a company which works on the software-as-a-service product model, these services may include, but aren’t limited to, spying on your partners or kids. KrebsOnSecurity, an online news website, was the first to report this issue. The website exposed this when a security researcher by the name of Nitish Shah contacted one of the editors of KrebsOnSecurity and brought to their attention the fact there was no authentication required to access mSpy’s database. He did this by directing the editor’s attention to mSpy’s open database on the Internet which allowed anyone to access mSpy records via processing queries within a minute. Now, this was a shocking news since data this sensitive had no security measures.
Before the servers of mSpy went offline, the database contained records which included:
- Usernames
- Passwords
- Private encryption key of anyone who logged on the mSpy website over the past six months
- Record of anyone who purchased the mSpy license over the past six months
The security expert Nitish Shah further said that the private key can give anyone the ability to track down and view the details of the mobile phones using the mSpy software.
This is not the first time that a massive security breach like this has happened. Previously in 2015, mSpy was the target of a hacking which led to the publishing of highly sensitive data on the Dark Web. Interestingly, the company itself remains very secretive about its activities since selling spyware is considered a criminal offense in the USA.