Security Operations, Breach, Data Security, Privacy

Stalkerware vendor data breach exposes over half a million customer records

Coverage from TechCrunch indicates that a hacktivist has successfully scraped over 536,000 payment records from a provider of consumer-grade "stalkerware" phone surveillance applications. This breach has exposed the email addresses and partial payment details of individuals who purchased services designed to monitor others.

The compromised data includes transaction records for various tracking and monitoring apps, such as Geofinder, uMobix, Peekviewer, and Xnspy, all supplied by a Ukrainian company identified as Struktura, which also operates under the name Ersten Group. The hacktivist, known as "wikkid," exploited a minor website vulnerability to access the customer information. The leaked data contains customer email addresses, the specific app purchased, payment amounts, card types, and the last four digits of payment cards. TechCrunch verified the authenticity of the data through multiple methods, including password resets and matching invoice numbers with vendor checkout pages.

This incident highlights a recurring pattern of security failures within the stalkerware industry, where vendors often have inadequate cybersecurity measures, leading to the exposure of sensitive customer data.

Source: TechCrunch

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds