Hacktivist scrapes over 500000 stalkerware customers payment records TechCrunch
p
Latest
pp
AI
pp
Amazon
pp
Apps
pp
Biotech Health
pp
Climate
pp
Cloud Computing
pp
Commerce
pp
Crypto
pp
Enterprise
pp
EVs
pp
Fintech
pp
Fundraising
pp
Gadgets
pp
Gaming
pp
Google
pp
Government Policy
pp
Hardware
pp
Instagram
pp
Layoffs
pp
Media Entertainment
pp
Meta
pp
Microsoft
pp
Privacy
pp
Robotics
pp
Security
pp
Social
pp
Space
pp
Startups
pp
TikTok
pp
Transportation
pp
Venture
pp
Staff
pp
Events
pp
Startup Battlefield
pp
StrictlyVC
pp
Newsletters
pp
Podcasts
pp
Videos
pp
Partner Content
pp
TechCrunch Brand Studio
pp
Crunchboard
pp
Contact Us
ppA hacktivist has scraped more than halfamillion payment records from a provider of consumergrade stalkerware phone surveillance apps exposing the email addresses and partial payment information of customers who paid to spy on others ppThe transactions contain records of payments for phonetracking services like Geofinder and uMobix as well as services like Peekviewer formerly Glassagram which purport to allow access to private Instagram accounts among several other monitoring and tracking apps provided by the same vendor a Ukrainian company called StrukturappThe customer data also includes transaction records from Xnspy a known phone surveillance app which in 2022 spilled the private data from tens of thousands of unsuspecting peoples Android devices and iPhones ppThis is the latest example of a surveillance vendor exposing the information of its customers due to security flaws Over the past few years dozens of stalkerware apps have been hacked or have managed to lose spill or expose peoples private data often the victims themselves thanks to shoddy cybersecurity by the stalkerware operatorspp ppStalkerware apps like uMobix and Xnspy once planted on someones phone upload the victims private data including their call records text messages photos browsing history and precise location data which is then shared with the person who planted the app ppApps like uMobix and Xnspy have explicitly marketed their services for people to spy on their spouses and domestic partners which is illegalppThe data seen by TechCrunch included about 536000 lines of customer email addresses which app or brand the customer paid for how much they paid the payment card type such as Visa or Mastercard and the last four digits on the card The customer records did not include dates of payments ppTechCrunch verified the data was authentic by taking several transaction records containing disposable email addresses with public inboxes such as Mailinator and running them through the various password reset portals provided by the various surveillance apps By resetting the passwords on accounts associated with public email addresses we determined that these were real accountsppWe also verified the data by matching each transactions unique invoice number from the leaked dataset with the surveillance vendors checkout pages We could do this because the checkout page allowed us to retrieve the same customer and transaction data from the server without needing a passwordppThe hacktivist who goes by the moniker wikkid told TechCrunch they scraped the data from the stalkerware vendor thanks to a trivial bug in its website The hacktivist said they have fun targeting apps that are used to spy on people and subsequently published the scraped data on a known hacking forumppThe hacking forum listing lists the surveillance vendor as Ersten Group which presents itself as a UKpresenting software development startup ppTechCrunch found several email addresses in the dataset used for testing and customer support instead reference Struktura a Ukrainian company that has an identical website to Ersten Group The earliest record in the dataset contained the email address for Strukturas chief executive Viktoriia Zosim for a transaction of 1 ppRepresentatives for Ersten Group did not respond to our requests for comment Strukturas Zosim did not return a request for commentppTopicspp
Security Editor
ppZack Whittaker is the security editor at TechCrunch He also authors the weekly cybersecurity newsletter this week in security ppHe can be reached via encrypted message at zackwhittaker1337 on Signal You can also contact him by email or to verify outreach at zackwhittakertechcrunchcom pp
Senior Reporter Cybersecurity
ppLorenzo FranceschiBicchierai is a Senior Writer at TechCrunch where he covers hacking cybersecurity surveillance and privacy ppYou can contact or verify outreach from Lorenzo by emailing lorenzotechcrunchcom via encrypted message at 1 917 257 1382 on Signal and lorenzofb on KeybaseTelegramppTickets are live at the lowest rates of the year Save up to 680 on your pass nowMeet investors Discover your next portfolio company Hear from 250 tech leaders dive into 200 sessions and explore 300 startups building whats next Dont miss these onetime savingspp Spotify says its best developers havent written a line of code since December thanks to AI
pp With cofounders leaving and an IPO looming Elon Musk turns talk to the moon
pp The first signs of burnout are coming from the people who embrace AI the most
pp MrBeasts company buys Gen Zfocused fintech app Step
pp YouTube TV introduces cheaper bundles including a 65month sports package
pp Discord to roll out age verification next month
pp From Svedka to Anthropic brands make bold plays with AI in Super Bowl ads
pp 2025 TechCrunch Media LLCp
Latest
pp
AI
pp
Amazon
pp
Apps
pp
Biotech Health
pp
Climate
pp
Cloud Computing
pp
Commerce
pp
Crypto
pp
Enterprise
pp
EVs
pp
Fintech
pp
Fundraising
pp
Gadgets
pp
Gaming
pp
pp
Government Policy
pp
Hardware
pp
pp
Layoffs
pp
Media Entertainment
pp
Meta
pp
Microsoft
pp
Privacy
pp
Robotics
pp
Security
pp
Social
pp
Space
pp
Startups
pp
TikTok
pp
Transportation
pp
Venture
pp
Staff
pp
Events
pp
Startup Battlefield
pp
StrictlyVC
pp
Newsletters
pp
Podcasts
pp
Videos
pp
Partner Content
pp
TechCrunch Brand Studio
pp
Crunchboard
pp
Contact Us
ppA hacktivist has scraped more than halfamillion payment records from a provider of consumergrade stalkerware phone surveillance apps exposing the email addresses and partial payment information of customers who paid to spy on others ppThe transactions contain records of payments for phonetracking services like Geofinder and uMobix as well as services like Peekviewer formerly Glassagram which purport to allow access to private Instagram accounts among several other monitoring and tracking apps provided by the same vendor a Ukrainian company called StrukturappThe customer data also includes transaction records from Xnspy a known phone surveillance app which in 2022 spilled the private data from tens of thousands of unsuspecting peoples Android devices and iPhones ppThis is the latest example of a surveillance vendor exposing the information of its customers due to security flaws Over the past few years dozens of stalkerware apps have been hacked or have managed to lose spill or expose peoples private data often the victims themselves thanks to shoddy cybersecurity by the stalkerware operatorspp ppStalkerware apps like uMobix and Xnspy once planted on someones phone upload the victims private data including their call records text messages photos browsing history and precise location data which is then shared with the person who planted the app ppApps like uMobix and Xnspy have explicitly marketed their services for people to spy on their spouses and domestic partners which is illegalppThe data seen by TechCrunch included about 536000 lines of customer email addresses which app or brand the customer paid for how much they paid the payment card type such as Visa or Mastercard and the last four digits on the card The customer records did not include dates of payments ppTechCrunch verified the data was authentic by taking several transaction records containing disposable email addresses with public inboxes such as Mailinator and running them through the various password reset portals provided by the various surveillance apps By resetting the passwords on accounts associated with public email addresses we determined that these were real accountsppWe also verified the data by matching each transactions unique invoice number from the leaked dataset with the surveillance vendors checkout pages We could do this because the checkout page allowed us to retrieve the same customer and transaction data from the server without needing a passwordppThe hacktivist who goes by the moniker wikkid told TechCrunch they scraped the data from the stalkerware vendor thanks to a trivial bug in its website The hacktivist said they have fun targeting apps that are used to spy on people and subsequently published the scraped data on a known hacking forumppThe hacking forum listing lists the surveillance vendor as Ersten Group which presents itself as a UKpresenting software development startup ppTechCrunch found several email addresses in the dataset used for testing and customer support instead reference Struktura a Ukrainian company that has an identical website to Ersten Group The earliest record in the dataset contained the email address for Strukturas chief executive Viktoriia Zosim for a transaction of 1 ppRepresentatives for Ersten Group did not respond to our requests for comment Strukturas Zosim did not return a request for commentppTopicspp
Security Editor
ppZack Whittaker is the security editor at TechCrunch He also authors the weekly cybersecurity newsletter this week in security ppHe can be reached via encrypted message at zackwhittaker1337 on Signal You can also contact him by email or to verify outreach at zackwhittakertechcrunchcom pp
Senior Reporter Cybersecurity
ppLorenzo FranceschiBicchierai is a Senior Writer at TechCrunch where he covers hacking cybersecurity surveillance and privacy ppYou can contact or verify outreach from Lorenzo by emailing lorenzotechcrunchcom via encrypted message at 1 917 257 1382 on Signal and lorenzofb on KeybaseTelegramppTickets are live at the lowest rates of the year Save up to 680 on your pass nowMeet investors Discover your next portfolio company Hear from 250 tech leaders dive into 200 sessions and explore 300 startups building whats next Dont miss these onetime savingspp Spotify says its best developers havent written a line of code since December thanks to AI
pp With cofounders leaving and an IPO looming Elon Musk turns talk to the moon
pp The first signs of burnout are coming from the people who embrace AI the most
pp MrBeasts company buys Gen Zfocused fintech app Step
pp YouTube TV introduces cheaper bundles including a 65month sports package
pp Discord to roll out age verification next month
pp From Svedka to Anthropic brands make bold plays with AI in Super Bowl ads
pp 2025 TechCrunch Media LLCp
