TechCrunch reports that mobile stalkerware operation SpyX had information from nearly two million individuals, including almost 17,000 Apple users, compromised following a data breach last June.
While SpyX accounted for most of the 1.97 million stolen account records and email addresses obtained by HaveIBeenPwned, around 300,000 were from SpyX clones SpyPhone and MSafely, according to HIBP Administrator Troy Hunt, who shared uploading about 40% of the impacted email addresses in the portal. While Apple has yet to confirm the validity of the account usernames and passwords affected by the incident, Google has already dismantled a Chrome extension leveraged by the spyware. Such a development highlights not only the potential spyware compromise of Apple users, who were previously believed to be more protected against cybersecurity threats but also the poor cybersecurity practices of mobile surveillance operations, with TechCrunch noting SpyX to be the 25th spyware app subjected to a data breach since 2017.
