SpyX, a spyware company, suffered a data breach in June 2024 that exposed nearly 2 million users’ data. The breach compromised sensitive information, including email addresses, IP addresses, passwords, device details, and geographic locations. This data could enable unauthorized access, identity theft, and tracking. Most concerning is the exposure of iCloud credentials, which could allow direct monitoring of individuals’ Apple accounts.
Users affected by the breach are urged to change passwords, enable two-factor authentication, and monitor accounts for suspicious activity.
SpyX, along with its app clones MSafely and SpyPhone, stored nearly 2 million unique email records in the breach. The breach also revealed iCloud account usernames and passwords, presenting a severe privacy risk. These credentials, particularly linked to Apple customers, were included in the breach and confirmed by several affected users. Cybersecurity experts are advising users to immediately secure their accounts to prevent further exploitation.
The breach also shines a light on the growing issue of stalkerware and spyware, with these types of malware targeting personal devices.
SpyX and similar apps, often marketed as monitoring software, can illegally access users’ data without their knowledge. Apple’s cloud services, like iCloud, are frequently targeted by these apps, which steal backups containing sensitive information like messages and photos. Google has also removed a Chrome extension linked to SpyX in response to the breach.
Spyware breaches like this highlight the ongoing challenges in cybersecurity and privacy. Both Google and Apple have taken action to address the breach, but experts urge users to adopt stronger security practices. By using tools like two-factor authentication and regularly checking account security settings, users can protect themselves from the increasing threat of surveillance malware.
Reference:
