Private Data of Over Two Million Users Leaked by mSpy Spyware Maker

mSpy, the company behind a mobile app designed to help its users spy on Android or iPhone devices, leaked millions of records containing sensitive information such as text message logs, passwords, phone contacts, location, all of it collected by their app while secretly running int he background.

More precisely, security researcher Nitish Shah found that mSpy's internal databases for all collected data and customer transactions could be accessed without any authentication.

Moreover, according to Shah, mSpy's open to the Web database included everything from username and passwords to Whatsapp and Facebook messages. It also provided access to real-time records, as well as private encryption keys of each mSpy customer who logged in or bought a mSpy license over a period of six months. 

“I was chatting with their live support, until they blocked me when I asked them to get me in contact with their CTO or head of security,” Shah said.

mSpy took the database of... (read more)

from Softpedia News / Global https://ift.tt/2CuG6JX