ShellCodeX
Tools • Events • News • Insights
ShellCodeX Breach Report

SpyFone Data Breach

spyfone.com
Limited exposure
Verified breach Sensitive Passwords exposed
Accounts exposed 44,109
Breach date 16 Aug 2018
Added to tracker 24 Aug 2018
Data classes 11

What happened

In August 2018, the spyware company SpyFone left terabytes of data publicly exposed. Collected surreptitiously whilst the targets were using their devices, the data included photos, audio recordings, text messages and browsing history which were then exposed via a number of misconfigurations within SpyFone's systems. The data belonged the thousands of SpyFone customers and included 44k unique email addresses, many likely belonging to people the targeted phones had contact with.

Exposed data

Audio recordings Browsing histories Device information Email addresses Geographic locations IMEI numbers IP addresses Names Passwords Photos SMS messages

Recommended actions

  • Change your SpyFone password immediately, and update it anywhere you reused the same password.
  • Enable two-factor authentication on the affected account and on your critical services (email, banking).
  • Watch for targeted phishing emails referencing SpyFone — attackers weaponise breach data quickly.
  • Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP