What kind of customer data was exposed in the stalkerware hack?

The hack exposed over 500,000 payment records, including customer email addresses and partial payment information such as card type and the last four digits.

Which surveillance apps were affected by the data breach?

The data breach affected customers of apps like Geofinder, uMobix, Peekviewer, and Xnspy, which are all provided by the same vendor.

How did the hacktivist gain access to the customer data?

The hacktivist exploited a minor bug in the website of the stalkerware vendor, which allowed them to scrape the sensitive customer transaction records.

Home / Technology / Stalkerware Hack Exposes Spying Customers

Stalkerware Hack Exposes Spying Customers

9 Feb

•

Summary

Hacktivist scraped over 500,000 payment records from spy app vendor.
Exposed data includes customer emails and partial payment information.
Vulnerabilities in surveillance apps continue to lead to data breaches.

Stalkerware Hack Exposes Spying Customers

A recent data breach has exposed more than 500,000 payment records from a provider of consumer-grade "stalkerware" phone surveillance applications. The hacktivist responsible, known as "wikkid," exploited a "trivial" bug to scrape customer data, including email addresses and partial payment information.

The compromised transactions cover services like Geofinder and uMobix, which are used for phone tracking, and Peekviewer for Instagram access. Notably, Xnspy, a known surveillance app previously involved in a 2022 data spill, is also implicated. This incident is the latest in a series of security failures by surveillance vendors.

The vendor, identified as the Ukrainian company Struktura through its identical website to the U.K.-presenting Ersten Group, had its customers' data exposed. While not including full payment details, the leaked information has verified authenticity, confirming the ongoing risks of using such invasive technologies.