TechCrunch reports that Ukrainian mobile spyware app mSpy had information from millions of individuals around the world dating back to 2014 stolen and exposed following the breach of its Zendesk-based customer support system in May.
Further assessment of the leaked dataset, which has been confirmed to be legitimate by Have I Been Pwned founder Troy Hunt, revealed the compromise of millions of customer service tickets, some of which pertained to a senior-ranking U.S. military officials, the Office of the Inspector General for the Social Security Administration, and the Arkansas County sheriff's department. Such an incident has also exposed phone numbers, email addresses, and aliases leveraged by employees at mSpy's parent firm Brainstack. While Brainstack has neither confirmed nor denied the breach, Zendesk has emphasized that it had not been compromised even if it did not disclose whether the utilization of its platform for spyware operations was in violation of its service terms.