A major data breach has affected SpyX, a consumer-grade spyware operation. The breach, which occurred in June 2024 but remained unreported until now, exposed nearly two million user records, including those of thousands of Apple customers. SpyX never disclosed the incident to its users or to those targeted by its spyware.
This incident marks at least the 25th time since 2017 that a mobile surveillance operation has suffered a data breach, underscoring the continuing dangers posed by the spyware industry. The breach also offers insight into how stalkerware like SpyX can compromise Apple users.
What the Breach Revealed
Data breach expert Troy Hunt, founder of Have I Been Pwned, obtained two leaked text files containing 1.97 million unique email addresses associated with SpyX and its two clone apps, MSafely and SpyPhone. While most of the breached accounts belonged to SpyX users, around 300,000 were linked to the clone apps. Approximately 40% of the email addresses were already registered in Have I Been Pwned.
As with previous spyware-related breaches, Hunt marked this incident as “sensitive” in Have I Been Pwned, meaning only those affected can check if their data was compromised.
SpyX’s operators did not respond to inquiries regarding the breach. Attempts to reach them via a listed WhatsApp number also failed.
How SpyX and Other Stalkerware Operate
SpyX markets itself as a parental monitoring app for iOS and Android. However, because they encourage covert surveillance and are occasionally promoted as tools for spying on partners, which is frequently illegal without consent, spy apps like SpyX are regularly classified as stalkerware, also known as “spouseware.”
On Android devices, spy programs like SpyX need to be manually installed from outside the Google Play Store, which frequently requires physical access to the target’s phone. The installation procedure involves disabling security settings on the device, which permits the unwanted monitoring.
App rules are more stringent for Apple devices. There, stalkerware usually accesses an iPhone or iPad’s iCloud backups rather than installing malware directly. An attacker who has the victim’s iCloud login credentials can continuously download personal information, such as messages, images, and app details.
Apple iCloud Credentials Also Exposed
One of the two breached files referenced iCloud in its filename and contained around 17,000 unique Apple Account usernames and passwords. Hunt reached out to affected Have I Been Pwned users, and several confirmed the accuracy of the leaked credentials.
Concerned about potential ongoing risks, Hunt provided Apple with the breached iCloud credentials before the breach was made public. However, Apple did not comment on the matter.
The remaining leaked credentials appeared to be linked primarily to SpyX and its clone apps, though their broader implications remain unclear.
Google Takes Action Against SpyX
Following the breach, Google removed a Chrome extension associated with the SpyX operation. Google spokesperson Ed Fernandez said:
“Chrome Web Store and Google Play Store policies prohibit malicious code, spyware, and stalkerware. If violations are found, we take appropriate action. Users who suspect their Google Account is compromised should take immediate security steps.”
How to Detect and Remove SpyX
If you suspect SpyX or similar spyware is installed on your device, here’s how you can check and remove it:
For Android Users:
- Use Google Play Protect – Enable it in settings to scan for malicious apps, including spyware.
- Check for Unusual Apps – Manually inspect installed apps and remove any you don’t recognize.
- Secure Your Google Account – Enable two-factor authentication (2FA) to prevent unauthorized access.
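Because Android stalkerware is installed from outside the Google Play Store, the manual app check can be narrowed with a computer: the added example below (not part of the original article) filters the output of `adb shell pm list packages -3 -i` for user-installed apps whose recorded installer is not the Play Store. It assumes `adb` with USB debugging enabled on your own device; the package names in the sample are constructed, and a non-Play installer is a reason to look closer, not proof of spyware.

```shell
#!/bin/sh
# Added example: flag user-installed Android apps that did not come from Google Play.
# Expected input is the output of:  adb shell pm list packages -3 -i
#   package:<name>  installer=<installer package, or null when sideloaded>

PLAY_STORE="com.android.vending"

# Reads `pm list packages -i` lines on stdin and prints "<package> <installer>"
# for every package whose recorded installer is not the Play Store.
flag_sideloaded() {
  tr -d '\r' | while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in
      package:*) ;;          # only package records are of interest
      *) continue ;;         # skip blank lines and adb warnings
    esac
    pkg="${line#package:}"
    pkg="${pkg%% *}"         # keep the name, drop everything after the first space
    case "$line" in
      *installer=*) installer="${line##*installer=}"; installer="${installer%% *}" ;;
      *) installer="null" ;; # no installer recorded at all
    esac
    if [ "$installer" != "$PLAY_STORE" ]; then
      printf '%s %s\n' "$pkg" "$installer"
    fi
  done
}

# Constructed sample output; these package names are made up for illustration.
SAMPLE_OUTPUT='package:com.example.notes  installer=com.android.vending
package:com.example.sysservice  installer=null
package:com.example.wifihelper  installer=com.android.packageinstaller
package:com.example.game  installer=com.android.vending'

# With a device attached:  adb shell pm list packages -3 -i | flag_sideloaded
if [ "${1:-}" = "--demo" ]; then
  printf '%s\n' "$SAMPLE_OUTPUT" | flag_sideloaded
fi
```

Apps from a manufacturer's own store also show a non-Play installer, so treat the output as a shortlist to review by hand.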
For Apple Users:
- Review Connected Devices – Check your Apple ID settings and remove unrecognized devices.
- Change Your Apple ID Password – Use a strong, unique password stored in a password manager.
- Enable Two-Factor Authentication – This prevents attackers from accessing your iCloud data.
- Reset Your Device Passcode – If somebody has physical access to your iPhone or iPad, change your passcode immediately.
Spyware continues to pose serious security risks, making proactive security measures essential for protecting personal information from unauthorized access.