We all know that personal data privacy is an incredibly important issue, and one that the whole world is struggling with right now. We all also know that today’s relentless threat of hacking and data breaches are a terrible concern. However, there are some times when data breaches end up sounding really weird, leaving you to scream with… laughter?
That’s certainly the case in one recent data breach that happened to the surprisingly legitimate spyware firm, SpyFone.
Just to clarify things for a moment here, spyware is exactly what you think it is: malware that can steal your content, track your keystrokes, record your phone calls, take screenshots and pictures, and record text messages as well as your browser history. It’s not good stuff.
And yet.
A popular California-based spyware firm called SpyFone, billed as the “number one parental monitoring software,” has unintentionally leaked terabytes of data from thousands of spyware clients and their targets.
Wondering why anyone would want spyware? We were too. We were surprised (and disturbed) to see that SpyFone’s clients can also use the malware to get “peace of mind” about their spouse’s activities and ensure that company property is protected from “inappropriate usage” by employees. Apparently, clients of SpyFone can download the software onto a target device in 15 minutes and, due to the secretive nature of the malware, targets will have no idea they’re being spied on.
By the way, when we say “spied on” we really mean it. SpyFone monitors SMS messages, records calls, provides live viewing services for customers, and collects information from apps like WhatsApp. They must store the information they collect too, because that data forms a portion of what was leaked online.
The rest of the data consisted of:
As IT services providers, we read about new data breaches each day because it’s part of our jobs. This one stood out to us because the breach occurred because of lax security. No one hacked the database. No ransomware was installed. Instead, SpyFone left a data bucket unattended out in the wilds of the internet, and the vulnerability, once tested, resulted in a data goldmine.
While we’re not shedding any tears for a spyware company breach, we can’t help but consider what might have happened if this breach had affected any of the business owners we know. Just like SpyFone, the breached business’s name would be splashed across the news, which can cause irreparable damage to an organization’s brand and image. Also, just like SpyFone, the company would have a sudden emergency on their hands and their customers may start leaving in droves.
We haven’t even mentioned potential breach fines yet.
In short, this is bad news for any company, and it’s especially bad news for companies that worked with SpyFone or were a SpyFone customer’s target. (By the way, if you want to see if you were part of this leak, you can check at Troy Hunt’s helpful breach tracking site, Have I Been Pwned?, which allows you to identify what breaches contained your email address).
Wondering how you can protect your company from losing track of data and causing a breach? Well, we have two suggestions for that, both of which work in tandem.
Not sure how to secure your systems or follow best practices for passwords? It’s easy to get help if your company is in the Seattle area, because we know the perfect company for IT services in Seattle to recommend (wink).
Since 2001, Interplay has been providing full-service, tailor-fit, customized IT services in Seattle and the surrounding area, including monitoring, patching, break/fix support, tech support, and hands-on help.
Rated as one of the top Managed Services Providers (MSPs) in the world, Interplay has the skills, expertise, and plain-old common sense to help you understand how to keep your personal and business data safe and secure.
Contact Interplay to learn more about the services we offer, or to request a quote on our IT services in Seattle.
support@interplayIT.com
16300 Christensen Rd Ste 304 Seattle, WA 98188
(206) 329-6600
