Commercial spyware maker mSpy has been breached – again – and millions of purchasers can be identified from the spilled records.… mSpy showed up on Have I Been Pwned on July 11, with the site revealing hacktivists were responsible for the theft of millions of Zendesk support tickets from buyers unable to use the software.
“Comprising 142GB of user data and support tickets along with 176GB of more than half a million attachments, the data contained 2.4M unique email addresses, IP addresses names and photos,” the mSpy entry on Have I Been Pwned reads. The site attachments included screen grabs of financial transactions, photos of credit cards and even some nude selfies.
Read more…
Source: MSN News
Related:
- Android spyware strains linked to state-sponsored Confucius threat group
February 11, 2021
Two variants of Android spyware connected to pro-India, state-sponsored hacking campaigns have been discovered. On Tuesday, cybersecurity firm Lookout said that two malware strains, dubbed Hornbill and SunBird, have been linked to Confucius, an advanced persistent threat (APT) group thought to be state-sponsored and to have pro-India ties. First detected in 2013, Confucius has been linked to ...
- Zero-click iOS zero-day found deployed against Al Jazeera employees
December 20, 2020
At least 36 Al Jazeera journalists, producers, anchors, and executives, along with a journalist at London-based Al Araby TV, had their iPhones hacked using a no-user-interaction zero-day vulnerability in the iOS iMessage app, an academic research group said today. Citizen Lab, a cybersecurity and human rights abuse research group at the University of Toronto, said the ...
- New Goontact spyware discovered targeting Android and iOS users
December 16, 2020
Security researchers have discovered a new malware strain with spying and surveillance capabilities —also known as spyware— that is currently available in both Android and iOS versions. Named Goontact, this malware has the ability to collect from infected victims data such as phone identifiers, contacts, SMS messages, photos, and location information. Detected by mobile security firm Lookout, ...
- PyMICROPSIA: New Information-Stealing Trojan from AridViper
December 14, 2020
Unit 42 researchers have been tracking the threat group AridViper, which has been targeting the Middle Eastern region. As part of this research, a new information-stealing Trojan with relations to the MICROPSIA malware family has been identified, showing that the actor maintains a very active development profile, creating new implants that seek to bypass the ...
- Rana Android Malware Updates Allow WhatsApp, Telegram IM Snooping
December 7, 2020
Researchers have discovered new samples of a previously discovered Android malware, which is believed to be linked to the APT39 Iranian cyberespionage threat group. The new variant comes with new surveillance capabilities – including the ability to snoop on victims’ Skype, Instagram and WhatsApp instant messages. According to U.S. feds, the developers of this malware are ...
- GravityRAT: The spy returns
October 19, 2020
In 2018, researchers at Cisco Talos published a post on the spyware GravityRAT, used to target the Indian armed forces. The Indian Computer Emergency Response Team (CERT-IN) first discovered the Trojan in 2017. Its creators are believed to be Pakistani hacker groups. According to our information, the campaign has been active since at least 2015, ...