Terabytes of data were left exposed online by two separate businesses in the past week. Spyfone, which markets its products to parents and employers looking to keep an eye on those in their charge, and Family Orbit, which parents use to monitor their children, have both been breached.
In the case of Spyfone, an anonymous cybersecurity researcher discovered the poorly protected data in an Amazon S3 bucket online. Compromised data included photos, audio recordings, text messages, hashed passwords and logins, and web history, among others. More than 44,000 unique email addresses were exposed.
In addition to the exposed data, Spyfone’s backend services, as well as one of its APIs, were also left wide open with no password protection. The researcher was able to create admin accounts and see customer data, plus see what “appears to be an up-to-date and constantly updating list of customers.”
Today, Motherboard reports that a hacker was able to access servers that hold photos intercepted by Family Orbit’s spyware. “I had all photos uploaded from the phones of kids being monitored, and also some screenshots of the developer’s desktops which exposed passwords and other secrets,” the hacker told Motherboard.
That hacker was the same person who hacked Retina-X and twice wiped its server. According to Motherboard, hackers have breached eight different spyware companies in the past 18 months, including FlexiSpy, Retina-X, TheTruthSpy, Mobistealth, Spy Master Pro, Spyfone and SpyHuman. “Several hackers have targeted the industry with the goal of exposing what they think is an unethical line of business that employs shoddy security practices,” writes Motherboard.
Get the full story on Motherboard.