Recent reports have revealed that a little-known spyware maker based in Minnesota has been hacked, exposing thousands of devices worldwide to stealthy remote surveillance.
TechCrunch received a cache of files from a source familiar with the breach, which included detailed device activity logs from phones, tablets, and computers monitored by Spytech, dating back to early June.
The authenticity of the data was confirmed by analyzing device activity logs of Spytech’s chief executive, who had installed the spyware on his own device.
Records show that Spytech’s spyware, including Realtime-Spy and SpyAgent, has compromised over 10,000 devices globally since 2013, including Android devices, Chromebooks, Macs, and Windows PCs.
This breach marks Spytech as the latest in a series of spyware makers to be compromised, with this year alone seeing four similar incidents, according to TechCrunch’s records.
Spytech is known for its remote access apps, often termed as “stalkerware,” marketed for parental monitoring but also used for spying on spouses and partners covertly.
The breached data contains logs from all devices under Spytech’s surveillance, revealing detailed device activity logs. Most compromised devices are Windows PCs, with a smaller number of Android devices, Macs, and Chromebooks.
While monitoring children or employees may be legal, monitoring a device without consent is unlawful, leading to potential legal consequences for spyware operators and customers.
Spytech’s location data from Android devices reveals clusters of monitored devices across Europe, the U.S., and more localized surveillance in Africa, Asia, Australia, and the Middle East.
The breach also exposed sensitive data, including the geolocation of Spytech’s CEO. However, there is not enough identifiable information in the data for TechCrunch to notify individual victims.
Spytech has not disclosed whether they plan to notify affected individuals or authorities, raising concerns about compliance with data breach notification laws.
Founded in 1998, Spytech gained attention in 2009 when a man was convicted of using Spytech’s spyware to compromise a children’s hospital email system.
This breach comes after another U.S.-based spyware maker, pcTattletale, was hacked and subsequently shut down without notifying affected individuals, leading to further concerns about data protection and transparency.
If you suspect your device has been compromised by spyware, resources are available through the Coalition Against Stalkerware. For immediate help in domestic abuse situations, contact the National Domestic Violence Hotline at 1-800-799-7233 or call 911 in an emergency.
For more information on the recent spyware breaches, visit TechCrunch’s website.
