This week, Krebs on Security revealed that mSpy leaked the data of millions of paying customers online, including passwords, call logs, text messages, contacts, notes, location data and even Apple iCloud usernames and authentication tokens. mSpy is software that can be installed on devices and used to snoop on kids, partners and more. The company has since taken the database down.
According to Krebs on Security, the data was easily accessible and required no authentication. It was an “open database on the Web that allowed anyone to query up-to-the-minute mSpy records for both customer transactions at mSpy’s site and for mobile phone data collected by mSpy’s software,” they said in a blog post.