SpyFone for iOS exposes terabytes of sensitive user data online

Spyware and mobile tracking apps are known to be some of the most secure apps on the planet. However, a recent data breach involving SpyFone spyware has left exposed terabytes of sensitive user data.

Thousands of personal photos and messages leak online

SpyFone is the company behind the SpyFone cell phone tracking app for iOS and Android. Naturally, the data it has access to is quite sensitive as the app remotely saves photos, messages, and location data of all target devices.

Therefore, one would assume the company uses state-of-the-art security infrastructure; however, that isn’t the case.

Recently, a security researcher successfully broke into unprotected SpyFone servers hosted on Amazon S3.

SpyFone data leak 2018

In addition to not being properly protected, all data stored on their server was stored without encryption. The lack of encryption gave anyone unfettered access to several terabytes of personal photos, private messages, browsing history, and 44,000 email addresses.

According to the security researcher behind the leak, the company’s backend did not have any security mechanism in place either. Anyone can log in without a password, create an administrator account, and access sensitive user data.

SpyFone confirms the data breach

SpyFone spokesperson Steve McBroom confirmed that this data breach exposed the data of about 2200 users.

However, it is not yet known whether hackers have already managed to download the data. McBroom also assured that the recent data breach will be the last.

Data breach

SpyFone’s customer base will likely erode if the company fails to ramp up its security infrastructure in the near future.

We are yet to try out SpyFone’s tracking apps on our test devices. If you would like to have us test their services, just leave a comment below.

(Source – Motherboard)

Leave a Reply

Share7
Tweet