A consumer-grade spyware operation called SpyX was hit by a data breach last year, TechCrunch has learned. The breach reveals that SpyX and two other related mobile apps had records on almost 2 million people at the time of the breach, including thousands of Apple users.
The data breach dates back to June 2024 but had not been previously reported, and there is no indication that SpyX’s operators ever notified its customers or those targeted by the spyware. The SpyX family of mobile spyware is now, by TechCrunch researchers count, the 25th mobile surveillance operation since 2017 known to have experienced a data breach, or otherwise spilled or exposed their victims’ or users’ data, showing that the consumer-grade spyware industry continues to proliferate and put people’s private data at risk.
Read more…
Source: TechCrunch News
Related:
- Petco’s security lapse affected customers’ SSNs, drivers’ licenses and more
December 8, 2025
Last week, pet products and services giant Petco confirmed that it experienced a data breach involving customers’ personal information, without specifying what type of data was affected. On Friday, in a legally required filing with Texas’ attorney general’s office, Petco reported that the affected data included: names, Social Security numbers, driver’s license numbers, financial information such ...
- Freedom Mobile Confirms Customer Data Breach
December 4, 2025
Canadian telecommunications provider Freedom Mobile suffered a supply-chain attack recently, in which it lost sensitive data on a yet undisclosed number of customers. In a data breach notification letter posted on its website earlier this week, Freedom said hackers broke into an account of a subcontractor, through which they accessed personal information “of a limited number” ...
- UK: Information Commissioner’s Office reprimands Post Office for data breach
December 4, 2025
The Information Commissioner’s Office (ICO) has issued a reprimand to the Post Office following a data breach that resulted in the unauthorised disclosure of personal information belonging to hundreds of postmasters involved in the Horizon IT scandal. The breach occurred when the Post Office’s communications team mistakenly published an unredacted version of a legal settlement document ...
- Fintech firm Marquis alerts dozens of US banks and credit unions of a data breach after ransomware attack
December 3, 2025
Fintech company Marquis is notifying dozens of U.S. banks and credit unions that they had customer data stolen in a cyberattack earlier this year. Details of the cyberattack emerged this week after Marquis filed data breach notices with several U.S. states confirming its August 14 incident as a ransomware attack. Texas-based Marquis is a marketing and compliance ...
- A data breach at analytics giant Mixpanel leaves a lot of open questions
December 2, 2025
A cybersecurity incident at analytics provider Mixpanel announced just hours before the U.S. Thanksgiving holiday weekend could set a new standard for how not to announce a data breach. To recap: In a bare bones blog post last Wednesday, Mixpanel chief executive Jen Taylor announced that the company had detected an unspecified security incident on November ...
- FTC cracks down on education tech company after massive student data breach
December 1, 2025
The Federal Trade Commission took action against Illuminate Education on December 1, 2025, after the Wisconsin-based company suffered a massive data breach that exposed personal information of more than 10 million students. In late December 2021, a hacker used login credentials from a former employee who had left the company three and a half years ...