Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
A fraudster has extracted more than half a million payments from providers of “stalkerware” phone monitoring software, revealing the email addresses and billing information of customers who pay to spy on others.
The product has a history of payment for phone tracking services such as Geofinder and uMobix, as well as services such as Peekviewer (formerly Glassagram), which aims to allow access to private Instagram accounts, among several other monitoring and tracking programs offered by the same vendor, a Ukrainian company called Struktura.
The customer data as well includes commercial articles from Xnspythe popular phone monitoring software, which in 2022 he lost his secret from thousands of unsuspecting Android devices and iPhones.
This is the latest example of a retailer exposing its customers’ personal information due to a security breach. In the last few years, many stalkerware programs have stolen, or may have lost, lost, or exposed the privacy of people – often the victims themselves – due to poor cybersecurity and stalkerware operators.
contact us
To contact Zack Whittaker securely, access it via the Signal username zackwhittaker.1337. Contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegraph, Keybase and Wire @lorenzofb, or email.
Stalkerware programs such as Mobix and Xnspy, planted on someone’s phone, download the victim’s private information, including call records, text messages, photos, browsing history, and content, which is shared by the person who planted the app.
Apps like UMobix and Xnspy have openly marketed their services to people to see their wives or housemates, which is prohibited.
The data, which was seen by TechCrunch, included about 536,000 lines of customer email addresses, the program or brand the customer paid for, the amount paid, the type of payment card (such as Visa or Mastercard), and the last four digits on the card. Customer records did not include payment dates.
TechCrunch verified that the information was genuine by taking several records of emails that can be dumped in public inboxes, such as Mailinator, and running them through various privacy settings provided by various monitoring software. By resetting passwords for public email accounts, we confirmed that these were real accounts.
We also verified the information by comparing each invoice number from the download group with the vendor’s checkout pages. We could do this because the login page allowed us to retrieve the same client and data from the server without requiring a password.
The hacktivist user, who goes by the moniker “wikkid,” told TechCrunch that he removed his stalkerware products because of a “minor” bug on his website. The expert said he “enjoys tracking software used to spy on people,” and later published the data stored on a popular hacking forum.
A hacking forum listing lists the seller as Ersten Group, which bills itself as a UK-based software startup.
TechCrunch found several emails in the dataset used for testing and customer support instead refer to Struktura, a Ukrainian company with a website similar to Ersten Group. The oldest post in the group had the email address of Struktura’s CEO, Viktoriia Zosim, to sell for $1.
Representatives for the Ersten group did not respond to our request for comment. Struktura’s Zosim did not return a request for comment.
