Spyware and mobile tracking apps are known to be some of the most secure apps on the planet. However, a recent data breach involving SpyFone spyware has left exposed terabytes of sensitive user data.
Table of Contents
Thousands of personal photos and messages leak online
SpyFone is the company behind the SpyFone cell phone tracking app for iOS and Android. Naturally, the data it has access to is quite sensitive as the app remotely saves photos, messages, and location data of all target devices.
Therefore, one would assume the company uses state-of-the-art security infrastructure; however, that isn’t the case.
Recently, a security researcher successfully broke into unprotected SpyFone servers hosted on Amazon S3.
In addition to not being properly protected, all data stored on their server was stored without encryption. The lack of encryption gave anyone unfettered access to several terabytes of personal photos, private messages, browsing history, and 44,000 email addresses.
According to the security researcher behind the leak, the company’s backend did not have any security mechanism in place either. Anyone can log in without a password, create an administrator account, and access sensitive user data.
SpyFone confirms the data breach
SpyFone spokesperson Steve McBroom confirmed that this data breach exposed the data of about 2200 users.
However, it is not yet known whether hackers have already managed to download the data. McBroom also assured that the recent data breach will be the last.
SpyFone’s customer base will likely erode if the company fails to ramp up its security infrastructure in the near future.
We are yet to try out SpyFone’s tracking apps on our test devices. If you would like to have us test their services, just leave a comment below.
(Source – Motherboard)