A shady industry caters to people seeking to monitor and spy on their families, with app makers marketing software known as stalkerware that gives jealous partners remote access to victims’ phones.
Despite the sensitive nature of the data involved, a growing number of these companies have experienced significant data breaches. TechCrunch’s investigation revealed that since 2017, at least 20 stalkerware companies have been hacked or had customer data leaked online.
In 2024 alone, two major stalkerware hacks have occurred, with mSpy being the latest target. This breach exposed millions of customer support tickets containing personal data. Additionally, pcTattletale, a U.S.-based stalkerware maker, fell victim to a hack that led to the exposure of internal data, ultimately resulting in the shutdown of the company.
Stalkerware apps like mSpy and pcTattletale are commonly used for spying on loved ones, leading to cases of real-world harm and violence. Hackers target these companies due to their lax security measures and the unethical behavior they encourage among their users.
A history of stalkerware hacks
The trend of stalkerware breaches began in 2017 with attacks on Retina-X and FlexiSpy, exposing a combined 130,000 customers globally. Despite hackers’ efforts to expose and dismantle the industry, many companies like FlexiSpy continue to operate.
Subsequent breaches targeted other stalkerware companies, including Mobistealth, Spy Master Pro, and SpyHuman, resulting in the theft of sensitive data and customer records. These breaches highlighted the vulnerability of stalkerware companies and the risks posed to victims’ privacy.
Numerous stalkerware companies have been exposed for leaving customers’ and victims’ data unprotected online, leading to leaks of text messages, photos, GPS coordinates, and more. These companies’ lack of security measures puts individuals at risk of privacy violations and abuse.
Hacked, but unrepented
Of the 20 stalkerware companies targeted by hacks, eight have shut down in response to security breaches or legal action. Despite closures, some companies rebrand and continue operations, perpetuating the cycle of unethical surveillance practices.
While there has been a decline in stalkerware usage, the threat persists as stalkers adapt to new surveillance methods. Stalkerware companies remain a part of a larger ecosystem of tech-enabled abuse that requires vigilance and awareness to combat effectively.
Say no to stalkerware
Using stalkerware is not only unethical but also illegal in most jurisdictions, constituting unlawful surveillance. Stalkerware companies’ history of data breaches underscores the risks associated with such software, leading to privacy violations and potential harm.
Parents considering monitoring their children should opt for secure and transparent parental tracking tools available on Apple and Android devices, rather than resorting to insecure stalkerware apps. Transparency and consent are essential when monitoring children’s online activities.
Updated on July 16 to include mSpy as the latest spyware to be breached.
If you or someone you know needs help, the National Domestic Violence Hotline (1-800-799-7233) provides 24/7 free, confidential support to victims of domestic abuse and violence. If you are in an emergency situation, call 911. The Coalition Against Stalkerware has resources if you think your phone has been compromised by spyware.