Skip to main content

Spy Software Hack Exposes Sensitive User Data

If you use software to spy on your loved ones, it seems that you'll eventually reap what you sow. mSpy, which produces potentially shady child-monitoring software, has reportedly fallen prey to a malicious hack that's left more than 400,000 users compromised.

In what is a supreme example of either cruel irony or poetic justice, customers who used mSpy to unearth the most sensitive details of their children's (or, quite possibly, spouses') whereabouts now have their own private information — and that of the people upon whom they spied — plastered online.

Brian Krebs, an independent security reporter, shared the story on his blog, KrebsonSecurity. An anonymous source tipped Krebs off to a  website accessible only through the Tor Internet anonymization software. The hackers who claim to be behind the breach don't seem to want any money; just spreading a little bit of chaos and panic is motivation enough.

Tom's Guide reached out to mSpy to confirm the breach and ask about how the company plans to safeguard consumer data in the future, but we have not received a response yet.

MORE: Best Parental-Control Apps

For those who aren't familiar with it, mSpy is a piece of software for both phones and computers that can discreetly track everything from phone call records to instant messages to physical location and report it back to the user who installed it. Although mSpy bills itself as a way to keep tabs on your kids (which is legal), people are more likely to use this software as a way to keep tabs on spouses (which is not legal without their consent).

Since the mSpy software is so versatile, it's no surprise that the breach has opened the floodgates for a variety of potentially devastating data. The Tor site lists Apple IDs and passwords, GPS locational data and payment details for almost 150,000 online transactions. Intimate conversations and photographs are, of course, present as well.

Krebs did not list the location of the Tor website, for obvious security reasons, so there's no easy way to check if you were affected. If you do use mSpy, it would be a good precaution to change your username and password for your most frequently visited sites, but that's not really the central issue.

mSpy doesn't monitor your data; it monitors your target's data. This means that malefactors can now access your spouse's data or — if you are using the service for its intended purpose — your child's. For a child, help him or her change his online account information as soon as possible. For a spouse, you're in for a very awkward conversation.

Marshall Honorof is a senior writer for Tom's Guide. Contact him at mhonorof@tomsguide.com. Follow him @marshallhonorof. Follow us @tomsguide, on Facebook and on Google+.