Stalkerware Industry Plagued by Repeated Data Breaches, Exposing Victims and Abusers Alike
Since 2017, at least 27 stalkerware companies apps marketed to jealous partners for covert surveillance have suffered hacks or major data leaks, exposing sensitive information from both customers and unwitting victims. The latest breach involves uMobix, whose payment data for over 500,000 customers was scraped and published online by a hacktivist targeting the industry’s unethical practices.
A Pattern of Negligence and Exploitation
Stalkerware apps like uMobix, Catwatchful, SpyX, Cocospy, mSpy, and pcTattletale enable illegal surveillance, often marketed as tools to "catch cheating partners." Yet their poor security has repeatedly led to massive data exposures, including:
- Messages, photos, call logs, and GPS locations of victims.
- Customer payment details, support tickets, and login credentials.
- Real-time screenshots and audio recordings from monitored devices.
In 2025 alone, Catwatchful, SpyX, Cocospy, Spyic, and Spyzie all suffered breaches, exposing millions of victims’ data. The trend extends back years, with mSpy (2024), Spytech (2024), and pcTattletale (2024) among the most high-profile cases. pcTattletale’s founder, Bryan Fleming, later pled guilty to hacking and unlawful surveillance charges after the company’s shutdown.
Hacktivists vs. Stalkerware: A Decade of Disruption
The first major stalkerware breaches occurred in 2017, when hackers targeted Retina-X and FlexiSpy, exposing 130,000 customers and wiping servers in an effort to dismantle the industry. Despite these attacks, many companies rebranded or persisted FlexiSpy remains active today, while others like Spyhide and TheTruthSpy have been hacked multiple times.
Some breaches were accidental, like SpyFone’s 2018 leak of an unsecured Amazon S3 bucket containing texts, photos, and passwords. Others were deliberate acts of sabotage, such as the hacker who defaced pcTattletale’s website and leaked internal data after the app was used to monitor hotel check-in systems.
Legal and Ethical Fallout
While eight stalkerware companies have shut down due to breaches or legal action, others rebrand and resurface. The FTC banned SpyFone and its CEO in 2021 after a data exposure, and New York’s attorney general forced PhoneSpector and Highster to close for promoting illegal surveillance.
Security experts, including Eva Galperin of the Electronic Frontier Foundation, note that stalkerware companies are "soft targets" due to their lax security and unethical business models. Even when apps are used "legally" (e.g., parental monitoring), their inherent insecurity puts all users at risk.
A Declining but Persistent Threat
While Malwarebytes reported a decline in stalkerware detections in 2023, experts warn that abusers may be shifting to physical tracking (e.g., AirTags) or harder-to-detect methods. The industry’s history of breaches, rebranding, and legal evasion suggests the problem remains far from resolved.
Source: https://techcrunch.com/2026/02/09/hacked-leaked-exposed-why-you-should-stop-using-stalkerware-apps/
SpyX TPRM report: https://www.rankiteo.com/company/mukikim-toys
uMobix TPRM report: https://www.rankiteo.com/company/umobix
Cocospy TPRM report: https://www.rankiteo.com/company/umobix
mSpy TPRM report: https://www.rankiteo.com/company/mspycompany
Spyic TPRM report: https://www.rankiteo.com/company/umobix
Retina-X TPRM report: https://www.rankiteo.com/company/retina-x-studios
"id": "retmspmukumo1770688652",
"linkid": "retina-x-studios, mspycompany, mukikim-toys, umobix",
"type": "Breach",
"date": "2/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '500,000',
'industry': 'Surveillance Software',
'name': 'uMobix',
'type': 'Stalkerware Company'},
{'industry': 'Surveillance Software',
'name': 'Catwatchful',
'type': 'Stalkerware Company'},
{'industry': 'Surveillance Software',
'name': 'SpyX',
'type': 'Stalkerware Company'},
{'industry': 'Surveillance Software',
'name': 'Cocospy',
'type': 'Stalkerware Company'},
{'industry': 'Surveillance Software',
'name': 'mSpy',
'type': 'Stalkerware Company'},
{'industry': 'Surveillance Software',
'name': 'pcTattletale',
'type': 'Stalkerware Company'},
{'industry': 'Surveillance Software',
'name': 'SpyFone',
'type': 'Stalkerware Company'},
{'customers_affected': '130,000',
'industry': 'Surveillance Software',
'name': 'Retina-X',
'type': 'Stalkerware Company'},
{'customers_affected': '130,000',
'industry': 'Surveillance Software',
'name': 'FlexiSpy',
'type': 'Stalkerware Company'},
{'industry': 'Surveillance Software',
'name': 'Spyhide',
'type': 'Stalkerware Company'},
{'industry': 'Surveillance Software',
'name': 'TheTruthSpy',
'type': 'Stalkerware Company'},
{'industry': 'Surveillance Software',
'name': 'PhoneSpector',
'type': 'Stalkerware Company'},
{'industry': 'Surveillance Software',
'name': 'Highster',
'type': 'Stalkerware Company'}],
'attack_vector': ['Hacktivism', 'Unsecured Database', 'Website Defacement'],
'data_breach': {'data_encryption': 'None or Inadequate',
'data_exfiltration': 'Yes',
'file_types_exposed': ['Texts',
'Photos',
'Audio',
'Screenshots'],
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Messages',
'Photos',
'Call logs',
'GPS locations',
'Payment details',
'Support tickets',
'Login credentials',
'Real-time screenshots',
'Audio recordings']},
'description': 'Since 2017, at least 27 stalkerware companies marketing apps '
'for covert surveillance have suffered hacks or major data '
'leaks, exposing sensitive information from both customers and '
'unwitting victims. The latest breach involves uMobix, whose '
'payment data for over 500,000 customers was scraped and '
'published online by a hacktivist targeting the industry’s '
'unethical practices.',
'impact': {'brand_reputation_impact': 'Severe',
'data_compromised': ['Messages',
'Photos',
'Call logs',
'GPS locations',
'Customer payment details',
'Support tickets',
'Login credentials',
'Real-time screenshots',
'Audio recordings'],
'identity_theft_risk': 'High',
'legal_liabilities': ['FTC Bans',
'Legal Actions by Attorneys General'],
'operational_impact': ['Company Shutdowns', 'Rebranding'],
'payment_information_risk': 'High',
'systems_affected': ['Stalkerware Applications',
'Company Databases',
'Websites']},
'lessons_learned': 'Stalkerware companies are soft targets due to lax '
'security and unethical business models, leading to '
'repeated breaches and legal consequences.',
'motivation': ['Ethical Opposition to Stalkerware',
'Sabotage',
'Exposure of Unethical Practices'],
'post_incident_analysis': {'corrective_actions': ['Company Shutdowns',
'Rebranding',
'Legal Actions'],
'root_causes': ['Poor Security Practices',
'Unethical Business Models',
'Lack of Regulatory Compliance']},
'recommendations': ['Improve security practices (encryption, secure '
'databases)',
'Cease unethical surveillance marketing',
'Comply with legal and regulatory standards',
'Enhance monitoring and incident response plans'],
'references': [{'source': 'Electronic Frontier Foundation'},
{'source': 'Malwarebytes'}],
'regulatory_compliance': {'legal_actions': ['FTC Bans',
'Attorney General Actions'],
'regulations_violated': ['FTC Act',
'State Surveillance Laws']},
'threat_actor': ['Hacktivists', 'Unknown Hackers'],
'title': 'Stalkerware Industry Plagued by Repeated Data Breaches, Exposing '
'Victims and Abusers Alike',
'type': ['Data Breach', 'Hack'],
'vulnerability_exploited': ['Poor Security Practices',
'Unsecured Amazon S3 Buckets',
'Lack of Encryption']}