CNET también está disponible en español.

Ir a español

Don't show this again

Security

Spy app for parents leaked messages from targets' phones, report says

MSpy bills itself as a way to monitor the phones of children.

MSpy's website, which has a photo of a girl lying on some grass and looking at her mobile phone in the background. Superimposed is the text, "Ultimate monitoring software for parental control," as well as a button that says "BUY NOW."

A screenshot from mSpy's website Tuesday, which bills the software as a tool for monitoring kids' phones.

CNET

The phone monitoring app mSpy leaked information from its users -- and from the phones running its software -- on an open database, according to a report from cybersecurity expert and journalist Brian Krebs.

That means both the customers and the targets of the spy software had their data exposed. Krebs said the leak affected more than a million paying customers.

The leaked data included the usernames and login credentials of the company's customers, as well as the iCloud account information and WhatsApp and Facebook messages of the phones that mSpy software was monitoring. Krebs said the database was no longer available 12 hours before he published his report Tuesday, after he notified the company of the problem.

The company bills itself as the "ultimate monitoring software for parental control." MSpy didn't immediately respond to a request for comment.

Beyond the data directly exposed in the database, the user login information could have let anyone log in to customer accounts and see all the data available from phones being monitored by mSpy software, Krebs wrote. Also exposed was personal contact information, like names and mailing addresses used by customers to purchase the software.