{"id":156922,"date":"2025-03-19T22:30:07","date_gmt":"2025-03-19T22:30:07","guid":{"rendered":"https:\/\/entertainment.runfyers.com\/index.php\/2025\/03\/19\/exclusive-data-breach-at-stalkerware-spyx-affects-close-to-2-million-including-thousands-of-apple-users\/"},"modified":"2025-03-19T22:30:07","modified_gmt":"2025-03-19T22:30:07","slug":"exclusive-data-breach-at-stalkerware-spyx-affects-close-to-2-million-including-thousands-of-apple-users","status":"publish","type":"post","link":"https:\/\/entertainment.runfyers.com\/index.php\/2025\/03\/19\/exclusive-data-breach-at-stalkerware-spyx-affects-close-to-2-million-including-thousands-of-apple-users\/","title":{"rendered":"Exclusive: Data breach at stalkerware SpyX affects close to 2 million, including thousands of Apple users"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p id=\"speakable-summary\" class=\"wp-block-paragraph\">A consumer-grade spyware operation called SpyX was hit by a data breach last year, TechCrunch has learned. The breach reveals that SpyX and two other related mobile apps had records on almost two million people at the time of the breach, including thousands of Apple users.<\/p>\n<p class=\"wp-block-paragraph\">The data breach dates back to June 2024 but has not been previously reported, and there is no indication that SpyX\u2019s operators ever notified its customers or those targeted by the spyware.<\/p>\n<p class=\"wp-block-paragraph\">The SpyX family of mobile spyware is now, by our count, <a href=\"https:\/\/techcrunch.com\/2025\/02\/20\/hacked-leaked-exposed-why-you-should-stop-using-stalkerware-apps\/\" target=\"_blank\" rel=\"noreferrer noopener\">the 25th mobile surveillance operation since 2017<\/a> known to have experienced a data breach, or otherwise spilled or exposed their victims\u2019 or users\u2019 data, showing that the consumer-grade spyware industry continues to proliferate and put people\u2019s private data at risk.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">The breach also provides a rare look at how <a href=\"https:\/\/techcrunch.com\/2025\/01\/31\/techcrunch-reference-guide-to-security-terminology\/#stalkerware\" target=\"_blank\" rel=\"noreferrer noopener\">stalkerware<\/a> like SpyX can also target Apple customers.<\/p>\n<p class=\"wp-block-paragraph\">Troy Hunt, who runs data breach notification site <a href=\"https:\/\/haveibeenpwned.com\/PwnedWebsites#Spyzie\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Have I Been Pwned<\/a>, received a copy of the breached data in the form of two text files, which contained 1.97 million unique account records with associated email addresses.<\/p>\n<p class=\"wp-block-paragraph\">Hunt said the vast majority of the email addresses are associated with SpyX. The cache also includes less than 300,000 email addresses associated with two near-identical clones of the SpyX app called MSafely and SpyPhone. <\/p>\n<p class=\"wp-block-paragraph\">About 40% of the email addresses were already in Have I Been Pwned, Hunt said.<\/p>\n<p class=\"wp-block-paragraph\">As with previous spyware breaches, Hunt marked the SpyX data breach in Have I Been Pwned as <a href=\"https:\/\/haveibeenpwned.com\/FAQs#SensitiveBreach\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">\u201csensitive,\u201d<\/a> which allows only the person with an affected email address to see if their information is part of this breach.<\/p>\n<p class=\"wp-block-paragraph\">The operators behind SpyX did not respond to emails from TechCrunch with questions about the breach, and a WhatsApp number listed on SpyX\u2019s website returned a message saying it was not registered with the messaging app.<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-another-spyware-another-breach\">Another spyware, another breach<\/h2>\n<p class=\"wp-block-paragraph\">SpyX is billed as mobile monitoring software for Android and Apple devices, ostensibly for granting parental control of a child\u2019s phone. <\/p>\n<p class=\"wp-block-paragraph\">Surveillance malware, like SpyX, also go by the term <a href=\"https:\/\/techcrunch.com\/2025\/01\/31\/techcrunch-reference-guide-to-security-terminology\/#stalkerware\" target=\"_blank\" rel=\"noreferrer noopener\">stalkerware<\/a> (and spouseware) because sometimes the operators explicitly promote their products as a way to spy on a spouse or domestic partner, which is broadly illegal without that person\u2019s knowledge. Even when the operators don\u2019t explicitly promote this illegal use, spyware apps share much of the same stealthy data-stealing capabilities.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">Consumer-grade spyware, like stalkerware, usually works in one of two ways.<\/p>\n<p class=\"wp-block-paragraph\">Apps that work on Android devices, including SpyX, are typically downloaded from outside of the official Google Play app store and require someone with physical access to a victim\u2019s device \u2014 usually with knowledge of their passcode \u2014 to weaken its security settings and plant the spyware.<\/p>\n<p class=\"wp-block-paragraph\">Apple has stricter rules about which apps can be on the App Store and run on iPhones and iPads, so stalkerware usually taps into a copy of the device\u2019s backup found on Apple\u2019s cloud storage service, iCloud. With a person\u2019s iCloud credentials, stalkerware can continuously download the victim\u2019s most recent backup directly from Apple\u2019s servers. iCloud backups <a href=\"https:\/\/support.apple.com\/en-us\/HT204136\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">store the majority<\/a> of a person\u2019s device data, including messages, photos, and app data.<\/p>\n<p class=\"wp-block-paragraph\">According to Hunt, one of the two files in the breached cache referred to iCloud in its filename and contained about 17,000 distinct sets of plaintext Apple Account usernames and passwords.<\/p>\n<p class=\"wp-block-paragraph\">Since the iCloud credentials in the breached cache clearly belonged to Apple customers, Hunt sought to confirm the authenticity of the data by reaching out to<strong> <\/strong>Have I Been Pwned subscribers whose Apple Account email addresses and passwords were found in the data. Hunt said several people confirmed that the information he provided was accurate.<\/p>\n<p class=\"wp-block-paragraph\">Given the possibility of an ongoing risk to victims whose account credentials might still be valid, Hunt provided the list of breached iCloud credentials to Apple prior to publication. Apple did not comment when reached by TechCrunch.<\/p>\n<p class=\"wp-block-paragraph\">As for the rest of the email addresses and passwords found in the breached text files, it was less clear if these were working credentials for any service other than SpyX and its clone apps.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">Meanwhile, Google pulled down a Chrome extension linked to the SpyX campaign.<\/p>\n<p class=\"wp-block-paragraph\">\u201cChrome Web Store and Google Play Store policies clearly prohibit malicious code, spyware and stalkerware, and if we find violations, we take appropriate action. If a user suspects their Google Account has been compromised, they should take <a href=\"https:\/\/support.google.com\/accounts\/answer\/6294825\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">recommended steps<\/a> immediately to secure it,\u201d Google spokesperson Ed Fernandez told TechCrunch.<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-how-to-look-for-spyx\">How to look for SpyX<\/h2>\n<p class=\"wp-block-paragraph\">TechCrunch has a <a href=\"https:\/\/techcrunch.com\/2022\/02\/22\/remove-android-spyware\/\" target=\"_blank\" rel=\"noreferrer noopener\">spyware removal guide for Android users<\/a> that can help you identify and remove common types of phone monitoring apps. Remember to have <a href=\"https:\/\/stopstalkerware.org\/resources\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">a safety plan in place<\/a>, given that switching off the app may alert the person who planted it.<\/p>\n<p class=\"wp-block-paragraph\">For Android users, switching on <a href=\"https:\/\/support.google.com\/googleplay\/answer\/2812853\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Google Play Protect<\/a> is a useful security feature that can help to protect against Android malware, including unwanted phone surveillance apps. You can enable Google Play from the app\u2019s settings if it isn\u2019t already enabled.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">Google accounts are far more protected with <a href=\"https:\/\/support.google.com\/accounts\/answer\/10956730?hl=en\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">two-factor authentication<\/a>, which can better protect against account and data intrusions, and know <a href=\"https:\/\/support.google.com\/accounts\/answer\/6294825?hl=en\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">what steps to take if your Google account is compromised<\/a>.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">iPhone and iPad users can check and <a href=\"https:\/\/support.apple.com\/en-us\/102560\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">remove any devices from your account that you don\u2019t recognize<\/a>. You should ensure that your Apple account uses a long and unique password (<a href=\"https:\/\/techcrunch.com\/2018\/12\/25\/cybersecurity-101-guide-password-manager\/\" target=\"_blank\" rel=\"noreferrer noopener\">ideally saved in a password manager<\/a>) and that your account also has <a href=\"https:\/\/support.apple.com\/en-us\/102660\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">two-factor authentication switched on<\/a>. You should also change your iPhone or iPad passcode if you think someone may have physically compromised your device.\u00a0<\/p>\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n<p class=\"wp-block-paragraph\"><em>If you or someone you know needs help, the National Domestic Violence Hotline (1-800-799-7233) provides 24\/7 free, confidential support to victims of domestic abuse and violence. If you are in an emergency situation, call 911. The<\/em><a rel=\"nofollow noopener\" href=\"https:\/\/stopstalkerware.org\/\" target=\"_blank\"><em> Coalition Against Stalkerware<\/em><\/a><em> has resources if you think your phone has been compromised by spyware.<\/em><\/p>\n<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/techcrunch.com\/2025\/03\/19\/data-breach-at-stalkerware-spyx-affects-close-to-2-million-including-thousands-of-apple-users\/\" target=\"_blank\" rel=\"noopener\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A consumer-grade spyware operation called SpyX was hit by a data breach last year, TechCrunch has learned. The breach reveals that SpyX and two other related mobile apps had records on almost two million people at the time of the breach, including thousands of Apple users. The data breach dates back to June 2024 but [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":156923,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[14],"tags":[],"class_list":{"0":"post-156922","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-tech"},"_links":{"self":[{"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/posts\/156922","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/comments?post=156922"}],"version-history":[{"count":0,"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/posts\/156922\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/media\/156923"}],"wp:attachment":[{"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/media?parent=156922"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/categories?post=156922"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/tags?post=156922"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}