Stalkerware Industry Plagued by Data Breaches, Exposing Millions of Victims

Starfolk

February 20, 2025 · 3 min read

A staggering number of stalkerware companies, marketed to jealous partners and spouses, have been compromised, exposing millions of victims' sensitive data online. According to TechCrunch's tally, at least 23 stalkerware companies have been hacked or have leaked customers' and victims' data since 2017, with four companies experiencing multiple breaches.

The latest breaches involve Cocospy and Spyic, which inadvertently exposed messages, photos, call logs, and other personal data of millions of victims. The two surveillance operations leaked a total of 2.65 million email addresses, according to an analysis by Troy Hunt, who runs data breach notification site Have I Been Pwned.

This trend of stalkerware companies losing sensitive data is alarming, considering the industry's explicit marketing of illegal and unethical behavior. These companies often encourage customers to use their products to catch cheating partners, which can lead to real-world harm and violence. The lack of care for protecting customers' and victims' data is doubly irresponsible, putting everyone involved at risk.

Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation, notes that the stalkerware industry is a "soft target" due to the lack of concern for product quality and customer data protection. Hackers have repeatedly targeted these companies, with some explicitly stating their motivations to expose and destroy the industry.

The history of stalkerware hacks is extensive, with notable cases including Retina-X, FlexiSpy, mSpy, and pcTattletale. In 2017, a group of hackers breached Retina-X and FlexiSpy, revealing 130,000 customers worldwide. Since then, numerous stalkerware companies have been hacked or leaked data, including Mobistealth, Spy Master Pro, SpyHuman, and more.

Despite the breaches and negative public attention, some stalkerware companies continue to operate, with a few even rebranding after shutting down. According to Galperin, "what happens most often, when you actually manage to kill a stalkerware company, is that the stalkerware company comes up like mushrooms after the rain."

There is some positive news, however. Security firm Malwarebytes reported a decline in stalkerware use last year, and Galperin notes an increase in negative reviews of these apps. Nevertheless, the stalkerware industry remains a significant threat, and it's essential to raise awareness about the risks and consequences of using these apps.

Using spyware to monitor loved ones is not only unethical but also illegal in most jurisdictions. Parents who want to monitor their children's activities should opt for safer and overt parental tracking tools built into Apple and Android devices, rather than relying on insecure stalkerware apps.

If you or someone you know needs help, the National Domestic Violence Hotline (1-800-799-7233) provides 24/7 free, confidential support to victims of domestic abuse and violence. The Coalition Against Stalkerware also offers resources for those who suspect their phone has been compromised by spyware.
