mSpy, a software as a service product claims to help about 2 million people by helping them track the mobile activities of their partners or kids. The hacking of their servers came to light after KrebsOnSecurity received an anonymous tip with a link to a Tor-based site.
The site contained data about Apple IDs and passwords, tracking data, payment details on some 145,000 successful transactions, pictures, calendar data, corporate email threads, and very private conversations. Also included are emails from the people who have requested services of mSpy.
Sites like these are difficult to be suspended as they are hosted in the deep web, away from the indexing and registration in the regular search engines and can be accessed only via Tor.
While the unknown hackers claim to have data about 400,000 users, the company has not responded to repeated requests for an official confirmation.
It is not clear where the company is based but it seems to be tied to a presently defunct company called MTechnology Ltd. The founders are self-styled programmers Aleksey Fedorchuk and Pavel Daletski. The brand is involved in a trademark dispute with an US based company called Retina X studios that makes a similar product called MobileSpy.
The US courts are generally strict with companies like these, as has been indicated by past incidents and maintain that “Advertising and selling spyware technology is a criminal offense, and such conduct will be aggressively pursued by this office and our law enforcement partners”
While law takes a firm stand on such techniques, what is paradoxical is how the interested users of mSpy, who are mostly concerned parents of kids, have in a bid to keep their children secure ended up exposing their personal details to a world full of predators and bullies.