Hacked, leaked, exposed: Why you should never use stalkerware apps

A whole industry exists that markets apps—commonly called stalkerware—to jealous partners who want to monitor phones. Yet despite how sensitive the data these tools collect is, at least 27 stalkerware companies since 2017 have been hacked or leaked customer and victims’ data online.

The most recent example involves uMobix and associated apps like Geofinder and Peekviewer, after a hacktivist scraped payment information for more than 500,000 customers and published it online. Breaches and exposures have been widespread. Catwatchful was used to compromise the phone data of at least 26,000 victims, SpyX, Cocospy, Spyic and Spyzie left messages, photos and call logs exposed, and 2024 incidents affected Spytech and mSpy, among others.

Hacktivists first targeted the industry in 2017 with intrusions into Retina‑X and FlexiSpy, saying they aimed to destroy what they saw as a toxic trade. Companies have repeatedly mishandled sensitive information through misconfigured servers, leaked databases and exposed credentials.

stalkerware, data breach, umobix, geofinder, peekviewer, mspy, catwatchful, spytech, flexispy, exposed credentials