The phone monitoring app mSpy leaked information from its users — and from the phones running its software — on an open database, according to a report from cybersecurity expert and journalist Brian Krebs.
That means both the customers and the targets of the spy software had their data exposed. Krebs said the leak affected more than a million paying customers.
The leaked data included the usernames and login credentials of the company’s customers, as well as the iCloud account information and WhatsApp and Facebook messages of the phones that mSpy software was monitoring. Krebs said the database was no longer available 12 hours before he published his report Tuesday, after he notified the company of the problem.
The company bills itself as the “ultimate monitoring software for parental control.” MSpy didn’t immediately respond to a request for comment.
Beyond the data directly exposed in the database, the user login information could have let anyone log in to customer accounts and see all the data available from phones being monitored by mSpy software, Krebs wrote. Also exposed was personal contact information, like names and mailing addresses used by customers to purchase the software.