A shocking revelation has emerged in the world of cybersecurity, leaving many stunned and questioning the safety of their personal information. Over 500,000 individuals' payment records have been exposed by a hacktivist targeting a notorious stalkerware provider. But this isn't just any ordinary hack; it's a bold move that sheds light on the dark side of surveillance apps.
The hacktivist, known as 'wikkid,' successfully scraped payment records from a company offering consumer-grade phone surveillance apps, revealing a disturbing trend. These apps, including Geofinder, uMobix, and Peekviewer (formerly Glassagram), are designed to track individuals' phone activities, and in some cases, even access private social media accounts. But here's where it gets controversial: the data leak exposed customers who paid to spy on others, an illegal practice that raises serious ethical concerns.
Among the exposed data were records from Xnspy, a notorious phone surveillance app that previously made headlines for leaking private data from thousands of Android and iPhone users. This incident is just one in a long line of stalkerware app failures, where poor cybersecurity practices have led to the exposure of victims' private information, often without their knowledge.
Stalkerware apps, once installed on a target's phone, covertly upload personal data such as call logs, messages, photos, and location data. This information is then accessible to the person who installed the app, often with the intention of spying on their partners or loved ones, which is a criminal offense.
TechCrunch verified the authenticity of the leaked data, which included email addresses, app usage, payment amounts, and partial card details. The verification process involved resetting passwords on public email accounts and cross-referencing invoice numbers with the vendor's checkout pages.
The hacktivist, wikkid, claims the data was easily accessible due to a simple website bug. They have since published the data on a hacking forum, exposing the vendor, Ersten Group, which appears to be a front for a Ukrainian company, Struktura. Despite attempts to contact both companies, no responses have been received.
This incident highlights the growing concern over the misuse of surveillance technology and the potential for personal data to be exploited. It raises the question: Are we unknowingly sacrificing our privacy for the sake of convenience?