Data breach at stalkerware SpyX affects close to 2 million, including thousands of Apple users | TechCrunch

A consumer-grade spyware operation called SpyX was hit by a data breach last year, TechCrunch has learned. The breach reveals that SpyX and two other related mobile apps had records on almost 2 million people at the time of the breach, including thousands of Apple users.

The data breach dates back to June 2024 but had not been previously reported, and there is no indication that SpyX's operators ever notified its customers or those targeted by the spyware.

The SpyX family of mobile spyware is now, by our count, the 25th mobile surveillance operation since 2017 known to have experienced a data breach, or otherwise spilled or exposed their victims' or users' data, showing that the consumer-grade spyware industry continues to proliferate and put people's private data at risk.

The breach also provides a rare look at how stalkerware like SpyX can also target Apple customers.

Troy Hunt, who runs data breach notification site Have I Been Pwned, received a copy of the breached data in the form of two text files, which contained 1.97 million unique account records with associated email addresses.

Hunt said the vast majority of the email addresses are associated with SpyX. The cache also includes less than 300,000 email addresses associated with two near-identical clones of the SpyX app called Msafely and SpyPhone.

About 40% of the email addresses were already in Have I Been Pwned, Hunt said.

As with previous spyware breaches, Hunt marked the SpyX data breach in Have I Been Pwned as "sensitive," which allows only the person with an affected email address to see if their information is part of this breach.

The operators behind SpyX did not respond to emails from TechCrunch with questions about the breach, and a WhatsApp number listed on SpyX's website returned a message saying it was not registered with the messaging app.

SpyX is billed as mobile monitoring software for Android and Apple devices, ostensibly for granting parental control of a child's phone.

Surveillance malware like SpyX also goes by the term stalkerware (and spouseware) because sometimes the operators explicitly promote their products as a way to spy on a spouse or domestic partner, which is broadly illegal without that person's knowledge. Even when the operators don't explicitly promote this illegal use, spyware apps share much of the same stealthy data-stealing capabilities.

Consumer-grade spyware like stalkerware usually works in one of two ways.

Apps that work on Android devices, including SpyX, are typically downloaded from outside of the official Google Play app store and require someone with physical access to a victim's device, usually with knowledge of their passcode, to weaken its security settings and plant the spyware.

Apple has stricter rules about which apps can be on the App Store and run on iPhones and iPads, so stalkerware usually taps into a copy of the device's backup found on Apple's cloud storage service, iCloud. With a person's iCloud credentials, stalkerware can continuously download the victim's most recent backup directly from Apple's servers. iCloud backups store the majority of a person's device data, including messages, photos, and app data.

According to Hunt, one of the two files in the breached cache referred to iCloud in its filename and contained about 17,000 distinct sets of plaintext Apple Account usernames and passwords.

Since the iCloud credentials in the breached cache clearly belonged to Apple customers, Hunt sought to confirm the authenticity of the data by reaching out to Have I Been Pwned subscribers whose Apple Account email addresses and passwords were found in the data. Hunt said several people confirmed that the information he provided was accurate.

Given the possibility of an ongoing risk to victims whose account credentials might still be valid, Hunt provided the list of breached iCloud credentials to Apple prior to publication.

Apple did not comment by press time when reached by TechCrunch prior to publication.

In a brief statement provided after publication, Apple spokesperson Sarah O'Rourke told TechCrunch: "When data breaches at other companies pose a risk to Apple accounts, our security teams work to rapidly investigate and protect our users. In this case, fewer than 250 iCloud users were impacted and we immediately secured their accounts."

As for the rest of the email addresses and passwords found in the breached text files, it was less clear if these were working credentials for any service other than SpyX and its clone apps.

Meanwhile, Google pulled down a Chrome extension linked to the SpyX campaign.

"Chrome Web Store and Google Play Store policies clearly prohibit malicious code, spyware and stalkerware, and if we find violations, we take appropriate action. If a user suspects their Google Account has been compromised, they should take recommended steps immediately to secure it," Google spokesperson Ed Fernandez told TechCrunch.

TechCrunch has a spyware-removal guide for Android users that can help you identify and remove common types of phone-monitoring apps. Remember to have a safety plan in place, given that switching off the app may alert the person who planted it.

For Android users, switching on Google Play Protect is a useful security feature that can help to protect against Android malware, including unwanted phone surveillance apps. You can enable Google Play from the app's settings if it isn't already enabled.

Google accounts are far more protected with two-factor authentication, which can better protect against account and data intrusions. Know what steps to take if your Google account is compromised.

If you have an iPhone and iPad, you can check and remove any devices from your account that you don't recognize. You should ensure that your Apple account uses a long and unique password (ideally saved in a password manager) and that your account also has two-factor authentication switched on. You should also change your iPhone or iPad passcode if you think someone may have physically compromised your device.

If you or someone you know needs help, the National Domestic Violence Hotline (1-800-799-7233) provides 24/7 free, confidential support to victims of domestic abuse and violence. If you are in an emergency situation, call 911. The Coalition Against Stalkerware has resources if you think your phone has been compromised by spyware.

Updated with comment from Apple.