This web uses cookies from own and from third parties to improve the navigation with Google Analytics and social media. If you continue browsing this page, you will accept those cookies. You can change the configuration and get more info on Cookies Policy



 
 
 

mSpy has been Hacked

June 17, 2015

It has recently come to light that mSpy, one of our competitors has been hacked. Today it is still unclear how the attack was performed and mSpy still refuses to admit it, but it seems that the attack is certain and that customer information has been leaked.

mSpy has been Hacked

On May 14 the security investigator Brian Krebs published the shocking news ensuring that our competitor mSpy had been hacked and exposed on the Deep Web. Brean received an anonymous tip indicating that a site within the TOR anonymous network published information about the hacking and that the stolen data of more than 400,000 users will be available soon to be downloaded.

We contacted with a security expert who started to investigate on this matter and he could confirm not only that indeed a site on the Deep Web confirmed the theft of customer data but even he found a recently stolen source code of a spy program on sale on another site on the Deep Web.



After contacting the support department of mSpy for confirmation they told us that they had no record of any hacking or data leak and that the user data is safe.

But hours later, the hacker in question enabled the download of the stolen data from their hidden website in the Deep Web. External sources have had access to the page in qestion and they confirm to us that there is a lot of data to be analyzed among which can be found diverse customer information, such as:

- iCloud user and passwords accounts
- Information on payments and purchases of mSpy
- List of applications and screenshots of users
- Keystrokes
- GPS Locations
- etc.

As we indicated this may be the tip of the iceberg because according to our source, the server where the stolen data is stored is overloaded making the download very slowly. Presumably more information becomes available in the coming hours or days when someone analyze all data stolen.

From our point of view it is wrong to deny mSpy attack because their users need to rely on a product that is losing credibility by the minute. Sometimes it is better to assume a mistake than deny everything when clearly more information will be leaked.

What if something like that happens in OwnSpy?



In the past we have had attacks that have even caused data loss but they never stole our data. We are very committed to the security of our personal user data. In fact we are unable to access some personal data since we encrypt it on the device itself before being uploaded to our servers. If we don't need to access technically to the data then we will encrypt it before store it on the database.

Since the very first day we created OwnSpy so the personal data such as photos or call recordings will be encrypted with a key linked to the user's password. So if someday our database is stolen the data will not be leaked since the encryption password is not stored on the database.