A Spyware Vendor is Leaking Private Data of Thousands

Last updated September 17, 2021
Written by:
Bill Toulas
Bill Toulas
Cybersecurity Journalist

According to a Motherboard report, there’s a spyware company that is leaking highly sensitive personal data of thousands of people. The server that was discovered by researcher Cian Heasley contains two folders that are entirely open for anyone to access, and which include over 25000 audio recordings (phone calls), and another 95000 intimate images. The unprotected server belongs to a company that sells spying software which allows someone to spy on another person’s cell phone. Because of the criticality of the data, the name of the stalkware vendor has not been revealed, but the finding has been confirmed by the credible researcher Troy Hunt.

The researcher has analyzed the open database and found 3.7 GB of MP3 recordings and 16 GB of images, however, many of those are duplicates, so the actual amount of the leaking material has not been determined. The researcher and the people behind the original story have repeatedly tried to inform the company of the problem, but they have gotten no response from them. Thus, the database remains accessible, and so do the sensitive personal information of thousands of people out there.

Companies who sell this type of services have recently grown in popularity, as parents feel they have some control over the safety of their children, employers can monitor the productivity of their employees, and people can spy on their spouses. However, these companies have demonstrated a characteristic lack of responsibility when it comes to securing this data, violating the privacy of the targeted people, and then exposing their information to a much wider base than just their customers. Examples of similar incidents of spied data exposure involve vendors like Spyfone, Family Orbit, Copy9, Xnore, Spy Master Pro, FlexiSpy, Mobisteath, and Retina-X.

Motherboard has made sincere efforts to alert the stalkware vendor, sending warning messages to all of the official email addresses that they could find online, even the domain registrar, the site administrator, and the Google Voice number listed on the site’s WHOIS. No answer was ever provided by anyone, so the database has been left open for at least six weeks, counting from the moment researcher Heasley reported it. The worst part is that the contact details of either the victims or the customers are not to be found in the database, so the exposed people cannot be warned of the fact either.

Do you think people should be using spyware apps in the first place? Share your thoughts in the comments section below, and don’t forget to like and share this story through our socials, on Facebook and Twitter.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: