There is a completely shady industry for people who want to monitor and spy their families. Multiple application manufacturers marketed their Software Ftware – sometimes referred to Impasse – Jealous partners who can use these applications to make their victims’ phones away.
Nevertheless, despite how sensitive these data are, it is losing a large amount of these companies.
Count, according to the number of techcranches Spisy’s latest data leakWhich comes soon Cocopia and spy data contactSince 2017 there are at least 24 stalkerware companies that have been hacked, or the data of the customer and the victims has been dulled online. It’s not a typo: at least 24 stalkerware companies have either hacked or have significant data exposure in recent years. And four stalkerware companies were hacked several times.
Spiies, Cocopia and Spy are the first stalkerware companies in 2025 that inadvertently exposed sensitive data. In two surveillance operations, messages, photos, Call LS GS and other personal and sensitive data of millions of victims were exposed, according to a security researcher, who found an error that allowed them to accuse the data.
Spisy’s makers exposed their customers’ 518,643 unique email addresses. In the case of Cocopus, the company leaked 1.81 million customer email addresses, and spied 880,167 customer email addresses. According to the analysis of Troy Hunt, according to an analysis conducted by Troy Hunt, there are more than 2.5 million email addresses, after removing duplicate addresses appearing in both breaches. May I become pwned.
In 2024, there were at least four large stalkerware hacks. The last Stokerware breached in 2024 Spightech, a little known spyware manufacturer located in MinnesotaWho opened the activity LS Guys from the phone, tablets and computers monitored with its spyware. Before that, the MSPY was breached, which is one of the longest running stalkerware applications, which opened Millions of customer support ticketsWhich includes personal data of millions of customers.
Before, a hacker of an unknown US Located Stalkerware Creator entered the Servers of Pactatletell. The hacker then stole and leaked the company’s internal data. They also spoiled the official website of the pectatlet with the goal of making the company a shame. Hacker mentioned a recent Techcrunch article where we have reported Pactetletle was used to monitor several front desk check-in computers US On the hotel chain.
As a result of this hack, leak and embarrassing operation, Brian Fleming, founder of pectatlettle Said he is shutting down Its company.
Consumer spyware applications such as MSPY and pectatalatal are commonly referred to as “stalkerware” (or spousewear) because envy spouse and partners use it for secretly monitoring and surveying their loved ones. These companies clearly market their products as solutions to capture fraud partners by promoting illegal and immoral behavior. And There have been several court cases, Journalism inquiry And Surveys of Domestic Abuse Shelters It shows that ST Nline stocking and monitoring can lead to real world loss and violence.
And that is why hackers have often targeted some of these companies.
Iva Galperin, the director of the Cyber Security of the Electronic Frontier Foundation and the leading researcher and activist who has been fighting for years, said the stalkerware industry was a “soft target”.
“Those who run these companies may not be very vague or really worried about the quality of their product.”
Given the history of the Stokerwear settlement, it can be understated. And because of the lack of care to protect their own customers – and as a result the use of these applications is twice as irresponsible. Stokerware consumers can break the law, abuse their partners illegally, and at the top, endanger everyone’s data.
History of Stokerware Hex
Stockerware breach provokes began in 2017 when a group of hackers US Breach of a retina-X-located And Thailand -based flexici Back back. It has been revealed in two hacks that companies have a total of 130,000 customers worldwide.
At that time, hackers who – proud – clearly said that their inspiration was to open up and hopefully they will help destroy the industry that they consider to be poisonous and immoral.
“I am going to burn them on the ground, and none of them go anywhere to hide,” a hacker involved then told the motherboard.
Referring to Flexispy, the hacker added: “I hope they will be separated as a company and fail, and there will be some time to reflect on what they did. However, I am afraid that they can try and give themselves birth in a new form again. But if they do, I’ll be there. “
Despite the attention of hack, and negative people of years, Flexis is still active today. Can’t even say about Retina-X.
The broken hacker in the retina-X cleared his servers from the target that hinders his performance. The company bounced back – And then he was hacked again after a year. A few weeks after the second break, Retina-X announced that it was closing.
After a few days of second retina-X breach, Hackers hit Mobistalth and SpimasterGigabytes of customer and professional records, as well as the disruptive messages of the victims and the theft of certain GPS locations. Another Stokerware Seller, India -based spyA few months later, the same fate is encountered, the hackers steal text messages and call the metadata, which includes the log of who is called.
Weeks later, it was the first case of accidental data contact instead of hack. Spy Phone left Amazon-Hosted S3 Storage Bucket Unprotected Online NelineWhich means that any text messages, photos, Audio deo recordings, contacts, location, scramble passwords and Login gin information, Facebook messages and more can be viewed and downloaded. All those data were stolen from victims, most of whom did not know that they were being spied on, telling alone that their most sensitive personal data was on the Internet to see everyone.
Other stalkerware companies who have left the data of irresponsible customers and victims online are family orbit, which have left 281 gigabytes of personal data. Protected by the password only easily met; MSP, Who leaked more than 2 million customer records In 2018; Xnore, which Let any of its customers see personal data of other customers’ goalsThese include chat messages, GPS coordinates, emails, photos and more; Mobispie, who left 25,000 Audio deo recordings and 95,000 images On an accessible server for anyone; Kidsguard, which was one Incorrect Configured Server who leaked the content of the victim; pcctattletale, who even before his hack Open screenshots of uploaded victim devices in real time On a website that can cause any access; And xnspy, whose developers Left credentials and private keys in the codes of applicationsAnyone allows the victim’s data to be accessed; And now Spy, Spy and spyWho have left the victim’s messages, photos, Call LS GS and other personal data, as well as the email addresses of the customers, the online naline.
As long as other stalkerware companies that have actually hacked, there was a copy 9, who saw Hacker steals data from all its surveillance targetsText messages and WhatsApp messages, including Call L recordings, photos, contacts and browser history; Latmespie, The hackers who stopped after breaking his servers closed; Brazil -based Webdatative, Who also wiped his serversAnd Then hack again; Ownership, which provides greater part of the back-end software ftware for webdative, is also hacked; Spyhide, which has a weakness in its code Which allowed the hacker to cause the ACCESS to the back-end databases And years of data stolen from about 60,000 victims; Ospy, Which was the rebrand of spyhyde, Close the second time; And the latest MSPY hack, which is not related to the previously mentioned leak.
Finally there is theatruthspi, a A network of stalkerware applicationsWhich has a suspected record of being at least hacked or leaked data Three Separate Occasions.
Hack, but insufficient
Eight of these 23 stalkerware companies have been closed, according to the TechCrunch Tally.
In the unique case of the first and so far, the Federal Trade Commission Spyfone and his chief executive, Skot Zuckerman bannedAfter the previous security break, operating in the surveillance industry opened the victim’s data. Another Stokerware Operation connected to Zuckerman, called a spyTrack, Then shut down After the Tech Crunch Investigation.
Fonspector and Highster, two other companies that are not known to have been hacked, Even closed New York Attorney General was accused of clearly encouraging companies to use their Software Fatware for illegal monitoring.
But closing the company does not mean that it has gone forever. Like Spyhide and Spying One, some owners and developers behind the shutter stalkerware manufacturer just rebranded.
“I think these hex does things. They fulfill things, they put a pit in it, “said Galparin. “But if you think that if you hack a stalkerware company, they will just shake their fists, curse your name, disappear in the puff of blue smoking, and will never be seen again, it certainly does not happen.”
“Often what happens, when you actually manage to kill a stalkerware company, that is that the stalkerware company comes like mushrooms after rain,” Galpin added.
There are some good news. In a report last year, security firm Mal Laverbytes said The use of stalkerware is fallingAccording to its own data of customers infected with this type of software ftware. Also, Galparin complains of the increase in the negative reviews of these applications, complaining to customers or potential customers that they do not work as intended.
But, Galparin said it is possible that security companies were not as good as stalkware, or that Stockers have moved from software-based surveillance to physical surveillance capable of airtags and other Bluetooth-enabled trackers.
“Stokerware does not exist in vacuum. Stokerware is part of the whole world of tech-capable abuse, “Galparin said.
Don’t tell Stokerware
The use of spyware to monitor your loved ones is not only immoral, it is also illegal in most jurisdiction, as it is considered illegal monitoring.
It is already an important reason for not using stalkerware. Then there is the point that the stalkerware manufacturers have proven time and time again that they cannot protect the data – neither customers nor their victims or targets data.
In addition to spying on romantic partners and spouse, some people use stalkerware applications to monitor their children. While this type of use, at least in the United States, is legal, does not mean that the use of stalkerware to snoop your children’s phones is not creepy and unethical.
Even if it is legal, Galparin thinks that parents should not spy without telling their children and without their consent.
If parents inform their children and move on, parents should stay away from unsafe and unreliable stalkerware applications and use built parental tracking tools Apple phone and pills and shot And Android devices It is safe and works clearly.
Break and leaks
Here is a complete list of stalkerware companies that have hacked or leaked sensitive data since 2017 in the event:
On February 27, 2025, Spikey updated to include the latest buggy stalkerware app.
If you or someone you know is needed, the national domestic violence hotline (1-800-799-7233) provides 24/7 free, secret support to the victims of domestic abuse and violence. If you are in a state of emergency, do it at 911. Alliance There are resources if you think your phone has been compromised by spyware.
https://techcrunch.com/wp-content/uploads/2024/05/getty-photo-mosh-stalkerware.jpg?w=1200
