SpyFone

Sensitive Breach

What Happened

In August 2018, the spyware company SpyFone left terabytes of data publicly exposed. Collected surreptitiously whilst the targets were using their devices, the data included photos, audio recordings, text messages and browsing history which were then exposed via a number of misconfigurations within SpyFone's systems. The data belonged the thousands of SpyFone customers and included 44k unique email addresses, many likely belonging to people the targeted phones had contact with.

Compromised Data

Audio recordings
Browsing histories
Device information
Email addresses
Geographic locations
IMEI numbers
IP addresses
Names
Passwords
Photos
SMS messages

Recommended Actions

Change Your Password

If you haven't changed your password on this service since the breach, do so immediately.

Enable Two-Factor Authentication

If 2FA is supported, add an extra layer of security to your account.

Check Other Accounts

If you used the same password elsewhere, change those too.

Monitor for Suspicious Activity

Watch for unusual login attempts, spam and phishing emails.

1Password

Use 1Password to generate and store strong, unique passwords for all your accounts.

Try 1Password

Breach Overview

  • Affected Accounts:

    44.1 thousand

  • Breach Occurred:

    August 2018

  • Added to HIBP:

    24 Aug 2018

Breach Classification

HIBP enables you to discover if your account was exposed in most of the data breaches by directly searching the system. However, certain breaches are particularly sensitive in that someone's presence in the breach may adversely impact them if others are able to find that they were a member of the site.

A sensitive data breach can only be searched by the verified owner of the email address being searched for. This is done via the notification system which involves sending a verification email to the address with a unique link.

There are presently 74 sensitive breaches in the system including Adult FriendFinder, Ashley Madison, and others.

Recommended Actions

Change Your Password

If you haven't changed your SpyFone password since 2018, do so immediately.

Enable Two-Factor Authentication

Add an extra layer of security to your account.

Check Other Accounts

If you used the same password elsewhere, change those too.

Monitor for Suspicious Activity

Watch for unusual login attempts or messages from your account.

1Password

Use 1Password to generate and store strong, unique passwords for all your accounts.

Try 1Password