mSpy: We haven't been breached. Customers: Oh yes you have Controversial commercial spyware firm mSpy has denied it's been hacked, following an apparent breach of its systems several days ago. However, its contention that the incident is just the latest in a series of extortion attempts is seemingly undermined by confirmation that some of the private information leaked is genuine. …
Is it me, or is the phrasing of that mSpy statement a bit off? If I received text like that in an email, I'd be checking the headers; it just reads like something knocked off in a Lagos internet cafe rather than a statement from a reputable company, on a serious matter, to a widely-read news organization. Consequently, it's anything but reassuring (though I am not one of their customers)>
"though I am not one of their customers"
But you might always be one of their targets...(!)
As I understand things, if mSpy had been UK-based then it would be legally obliged to inform people if personal data it holds on them had been breached.
"Dear X, you don't know it, but we've been snooping on you and harvesting details about your personal life....."
As I understand things, if mSpy had been UK-based then it would be legally obliged to inform people if personal data it holds on them had been breached.
"Dear X, you don't know it, but we've been snooping on you and harvesting details about your personal life....."
*****
Don't companies in this country also need informed consent to collect personal data? Seems mSpy would fail at the first hurdle in this country because they would need permission of every target they are tracking to be able to collect anything.
Employers would be able to make users of company phones give consent but then it's not a secret monitoring system any more.
Parents giving consent for collection of personal data on their children is a bit murkier. I'm not sure how that would work.
Ah a mate worked for a company where it was buried in the contract that work email and phones could be monitored. We also discovered that there was an automatic email scanner that refused emails with too much bad language. So I wrote an email from a spare hotmail account about taking a trip from Assloss Road (just off the A77) in Kilmarnock to Scunthorpe via Penistone before heading down to Sandy Balls in Hampshire etc. Needless to say email is duly flagged as containing naughty language and I get one back asking me to clean up the text, but if I felt the flagging was in error to send an email to the address listed and someone would get back to me. I didn't bother.
Yes but in other news: MSpy admits hacking and data theft
"Much to our regret, we must inform you that data leakage has actually taken place," spokeswoman Amelie Ross told BBC News.
"However, the scope and format of the aforesaid information is way too exaggerated."
She said that 80,000 customers had been affected. Initial reports suggested up to 400,000 customer details had been exposed.
"Naturally, we have communicated with our customers whose data could have been stolen, and described them a situation. We put in place all the necessary remedial measures and continue to work on mechanism of data encryption," she added.
A classic quote though from that story though:
"Another user whose financial and personal data was in the cache asked not to be identified but told the security expert that he had paid mSpy to secretly monitor the mobile device of a 'friend.'"
"However, the scope and format of the aforesaid information is way too exaggerated."
Good grief, that's like saying "Train crash, not many dead."
Just one person's data leaking is one too many, so this smacks of either attempting to cover up a real mess or indifference to data security.
Anyway a company with a name like MSpy should be aware of the "Red rag to a bulls" nature of its title. I can see a lot of crackers thinking "That's a tempting target, let's get in there!."
"Ahh, BBC. Hacking is downloading a file using wgetin putty. Would it still be hacking if they showed the same thing in chrome?"
The BBC report never said that using putty to download the file was hacking, they were just showing that they had downloaded (or seen the downloading) of the file containing all the hacked data, therefore showing that the data had actually been 'hacked' by someone.
"mSpy is the leading monitoring & safety application in the market for responsible parents."
"mSpy is the leading monitoring & safety application in the market for overbearing, untrusting, paranoid and controlling parents, whose darlings are likely to end up in rehab for crack abuse due to the lack of being allowed to be "just kids""
TFTFY
"Emails, text messages, payment details, Apple IDs, passwords, photos and location data "
And just why were mSpy storing these? Once the parents have downloaded the data and got their jollies by reading their son's/daughter's intimate messages to their girl/boy friend, exactly what use do mSpy have for that data and what is their justification for storing it beyond that point?
Well what happens is:
The youngster takes a nude selfie of themselves with no intent of passing it on.
This is uploaded to the 3rd party server, and they in turn distribute the child pornography to the parent upon request.
Actually, that gives me an idea...off to Internet Watch Foundation to get them to block it as a potential distributor.
I have no problem in principle with a parent monitoring their child's use of a device to ensure it is being used safely & responsibly (whether the device in question is a pointy stick, a bicycle, a car or a phone), I *do* have a problem with such monitoring being done without the child knowing that they are likely being monitored.
But that's in any case beside the point, because I am quite certain that mSpy is used to monitor adults, probably more so than it is used to monitor children. It is a stalker's dream as well as being a great tool for abusive partners to ensure that they remain in control of their victim.
Seems odd that mSpy's data is readable. Shouldn't it be encrypted? Can mSpy assure its userbase that only "parents and managers" can see the data? Who's to say an mSpy employee hasn't read the texts during a slow news day?
And why is a reporter announcing that the data haul is in fact genuine? Seems like he's only going to encourage people who have the ability to get the dump to pay up for it. You know, the crowd who likes verified data dumps for phishing et al?
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
