Child monitoring firm Mspy has denied reports that its systems have been breached and personal data exposed, but admitted that it was subject to a “predatory attack” by blackmailers.
The denial came after security expert Brian Krebs reported a wide-scale data breach at the firm. He said that he had been contacted by an anonymous source who pointed him to a Tor-based site that hosted several hundred gigabytes of data.
“mSpy, the makers of a dubious software-as-a-service product that claims to help more than two million people spy on the mobile devices of their kids and partners, appears to have been massively hacked,” wrote Krebs. “Last week, a huge trove of data apparently stolen from the company’s servers was posted on the Deep Web, exposing countless emails, text messages, payment and location data on an undetermined number of mSpy “users.”
“There is no data of 400,000 of our customers on the web,” a spokeswoman for the company told BBC News. “We believe to have become a victim of a predatory attack, aimed to take advantage of our estimated commercial achievements.
“We have received frequent threats of similar nature, pursuing financial gain ‘or else’ and have just received a number of those in recent weeks,” said the firm. “We never have or ever will fall for provocations of third parties, and our only response for such ‘ventures’ will be further securitisation of any corporate and customer related data.”
“We pay close attention to each and every ‘hacking’ threat, making sure it doesn’t have reasonable grounds for considering our security measures compromised,” said the spokeswoman. “And surely none of such threats deserve being indulged in their demands for ‘easy money’, as the most recent case has served an example of.”
It is hard to verify the claims by Brian Krebs, as the data has since been removed from Tor.
In other media reports, mSpy representatives have hinted that the story may have been fabricated by a competitor looking to discredit the company. And apparently the Krebs’ report is being investigated by its lawyers and other “authorised” parties.
Mspy is essentially a tracking app for Android, iOS, Windows and Mac computers. It is aimed at allowing parents to remotely track their children via their smartphone or tablet. The tracking is legal if done by parents, but some are worried that the app could be used by adults to spy on their partners without their consent.
Indeed, the company blatantly touts its stealthy capabilities on its website FAQs.
“Is this phone tracking software undetectable?” asked MiSpy’s FAQ. “This software is absolutely discreet and works by tracking all the activity in the background of the monitored mobile devices in stealth mode.”
The Mspy app also apparently collects call log history, GPS location data, web history, emails, text messages, images, video, Skype and WhatsApp messages, as well as keystrokes and desktop screenshots. This means that the data it collects could be very sensitive indeed.
Earlier this month, a California sales executive filed a lawsuit against her former employer, alleging she was forced to use software on her company-issued iPhone that her supervisor used to track her and her colleagues around the clock, both on- and off-duty.
Do you know all about IT and the law? Take our quiz.
CMA receives 'provisional recommendation' from independent inquiry that Apple,Google mobile ecosystem needs investigation
Government minister flatly rejects Elon Musk's “unsurprising” allegation that Australian government seeks control of Internet…
Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…