X

Spy app for parents leaked messages from targets' phones, report says

MSpy bills itself as a way to monitor the phones of children.

Laura Hautala Former Senior Writer
Laura wrote about e-commerce and Amazon, and she occasionally covered cool science topics. Previously, she broke down cybersecurity and privacy issues for CNET readers. Laura is based in Tacoma, Washington, and was into sourdough before the pandemic.
Expertise E-commerce, Amazon, earned wage access, online marketplaces, direct to consumer, unions, labor and employment, supply chain, cybersecurity, privacy, stalkerware, hacking. Credentials
  • 2022 Eddie Award for a single article in consumer technology
See full bio
Laura Hautala
MSpy's website, which has a photo of a girl lying on some grass and looking at her mobile phone in the background. Superimposed is the text, "Ultimate monitoring software for parental control," as well as a button that says "BUY NOW."

A screenshot from mSpy's website Tuesday, which bills the software as a tool for monitoring kids' phones.

 CNET

The phone monitoring app mSpy leaked information from its users -- and from the phones running its software -- on an open database, according to a report from cybersecurity expert and journalist Brian Krebs.

That means both the customers and the targets of the spy software had their data exposed. Krebs said the leak affected more than a million paying customers.

The leaked data included the usernames and login credentials of the company's customers, as well as the iCloud account information and WhatsApp and Facebook messages of the phones that mSpy software was monitoring. Krebs said the database was no longer available 12 hours before he published his report Tuesday, after he notified the company of the problem.

The company bills itself as the "ultimate monitoring software for parental control." MSpy didn't immediately respond to a request for comment.

Beyond the data directly exposed in the database, the user login information could have let anyone log in to customer accounts and see all the data available from phones being monitored by mSpy software, Krebs wrote. Also exposed was personal contact information, like names and mailing addresses used by customers to purchase the software.