The recent hack and data leak of stalkerware maker pcTattletale has once again highlighted the dangers of these invasive surveillance apps. Stalkerware, also known as consumer spyware, is often used by jealous partners to secretly monitor and surveil their loved ones. These companies explicitly market their products as tools to catch cheating partners, encouraging unethical and illegal behavior. However, numerous court cases, investigations, and surveys have revealed that online stalking and monitoring can lead to real-world harm and violence.
Hackers have repeatedly targeted stalkerware companies due to their lack of concern for protecting customer data. TechCrunch reports that pcTattletale is the 20th stalkerware company since 2017 to be hacked or have customer data exposed. Three of these companies have experienced multiple hacks. Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation, describes the stalkerware industry as a “soft target” due to the questionable ethics of those running these companies.
The history of stalkerware breaches dates back to 2017 when hackers targeted Retina-X and FlexiSpy, exposing a total of 130,000 customers worldwide. The motivation behind these hacks was to expose and destroy an industry that is considered toxic and unethical. While FlexiSpy remains active today, Retina-X was forced to shut down after suffering two breaches within a year.
Other stalkerware companies have also experienced breaches or accidental data exposures. Hackers targeted Mobistealth, Spy Master Pro, SpyHuman, and SpyFone, stealing customer and victim data such as messages, GPS locations, and call metadata. SpyFone accidentally left a storage bucket unprotected online, exposing sensitive personal data of unknowing victims.
Furthermore, companies like FamilyOrbit, mSpy, Xnore, Mobiispy, KidsGuard, and Xnspy irresponsibly left customer and victim data exposed online. Copy9, LetMeSpy, WebDetetive, OwnSpy, Spyhide, and Oospy were also hacked, resulting in stolen data and server wipes. TheTruthSpy holds the record for being hacked or leaking data on three separate occasions.
Of the 20 stalkerware companies, eight have shut down. The Federal Trade Commission banned SpyFone and its CEO, Scott Zuckerman, from operating in the surveillance industry. PhoneSpector and Highster shut down following accusations of encouraging illegal surveillance. However, some shuttered companies simply rebranded under new names.
While the use of stalkerware is declining, according to security firm Malwarebytes, it is still a significant issue. Negative reviews of these apps have increased, with customers complaining that they don’t work as intended. It’s possible that security firms are not as effective at detecting stalkerware, or stalkers have shifted to physical surveillance using devices like AirTags.
Using stalkerware is not only unethical but also illegal in most jurisdictions. Stalkerware makers have repeatedly demonstrated their inability to secure customer and victim data. Even monitoring children with stalkerware is considered creepy and unethical. Instead, parents should use safer parental tracking tools built into Apple and Android devices or seek their children’s consent before monitoring their activities.
If you or someone you know is a victim of domestic abuse or violence, the National Domestic Violence Hotline provides free, confidential support. The Coalition Against Stalkerware also offers resources for those who suspect their phone has been compromised by spyware.
