mSpy spyware support platform breached, millions of customers exposed
Learn More
A data breach at mSpy, a phone surveillance operation, has compromised the personal information of millions of customers over the past decade, along with the details of the Ukrainian company behind it, Brainstack.
The spyware app, marketed for tracking children and monitoring employees, is also widely misused for unauthorized surveillance, often referred to as "stalkerware." It allows users to remotely view the contents of a target phone in real-time, typically after having physical access to install the spyware.
The breach was initially disclosed by Switzerland-based hacker maia arson crimew, with the data made available to the nonprofit transparency collective DDoSecrets.
The breach, occurred in May 2024, involved the theft of millions of customer support tickets from mSpy's Zendesk-powered support system and exposed customer service records dating back to 2014.
These tickets contained:
- sensitive personal data,
- emails,
- attachments,
- private documents
- approximate location based on IP addresses.
The dataset also contained email addresses of high-profile individuals, such as senior-ranking U.S. military personnel, a U.S. federal appeals court judge, a U.S. government department watchdog, and law enforcement officials.
The nature of the attack and the number of affected individuals is not disclosed. Although in this particular instance, the affected individuals do not deserve any compassion - they were spying themselves.
Brainstack, the Ukraine-based parent company of mSpy, has not acknowledged or publicly disclosed the incident. This is the third known data breach for mSpy since its inception around 2010.
