A shocking revelation has emerged, exposing the dark underbelly of the surveillance industry. Over half a million customers of so-called "stalkerware" apps have had their payment records scraped by a hacktivist, shedding light on a disturbing trend.
But here's where it gets controversial: these apps, like Geofinder, uMobix, and Peekviewer, claim to offer phone surveillance services, including access to private Instagram accounts. And the data breach has revealed the email addresses and partial payment details of those who paid to spy on others.
The situation is a perfect storm of privacy invasion and security flaws. Stalkerware apps, marketed to spy on spouses and partners, have been hacked or exposed multiple times due to poor cybersecurity practices. This latest breach, involving the Ukrainian company Struktura, has revealed the extent of the problem.
And this is the part most people miss: the victims of these apps are often the very people being spied on. Their private data, including call records, messages, photos, and precise location, is uploaded and shared with the app installer. It's a violation of trust and a serious invasion of privacy.
The data, as seen by TechCrunch, includes over 536,000 customer email addresses, the app they paid for, the payment amount, card type, and the last four digits of the card number. TechCrunch verified the authenticity of the data by resetting passwords on public email accounts and matching transaction details with the vendor's checkout pages.
The hacktivist, known as "wikkid," exploited a "trivial" bug on the stalkerware vendor's website to scrape the data. They stated their motivation as having "fun targeting apps used to spy on people." The data was subsequently published on a hacking forum, listing the vendor as Ersten Group, a U.K.-based software development startup.
However, further investigation revealed a connection to Struktura, a Ukrainian company with an identical website. The earliest record in the dataset was for a $1 transaction, linked to the email address of Struktura's CEO, Viktoriia Zosim.
Representatives from Ersten Group did not respond to requests for comment, and Zosim did not return a request for comment either.
This breach highlights the need for better cybersecurity practices and raises important questions about the ethics of surveillance apps. Are we willing to sacrifice our privacy for the sake of spying on others? And what steps can we take to ensure our data remains secure?
Feel free to share your thoughts and opinions in the comments below. We'd love to hear your take on this controversial issue.
