SpyHuman: Spyware Editor Hacked by Vigilant Hackers

It’s the fifth publisher of "home monitoring" apps which sees its servers being pirated within ½ year. A big quantity of data customers and messages has been stolen for moral reasons.

If you are attracted to spyware for domestic use, a good advice: go your way. Pirates have apparently taken in sights these publishers. In a year and a half, five of them were hacked and the personal data of their customers found themselves in the nature.

The latest one to be tricked is SpyHuman, an Indian publisher who proposes to remotely monitor the Android smartphone activity of a child or spouse: calls, SMS, navigation, GPS, Facebook, WhatsApp, etc.
Unfortunately, a breach in the SpyHuman Web site allowed to access to call and SMS data which the customers watched. According to Motherboard, who received a sample of these data accompanied by an explanatory video, it was enough to log in on his own account and to make "a particular modification" at the URL and hop, we reached the other users data.

The data and the video were passed on to Motherboard through Baptiste Robert, alias "Elliot Alderson", a French hacker who was known in 2017 to have revealed the breaches and data leaks in the OnePlus and Wiko smartphones. According to him, the breach on the SpyHumansite allowed to reach 440 million call data.

For its part, the anonymous hacker justifies his act by the immorality of these applications.

"These spywares should not be on the market. Most people use them to spy on girls and the images are always sensitive. Nobody has the right to do that and the suppliers should not win money with that", he explained in a message

Since then, this fault was sealed. Questioned by Motherboard, the publisher asserts he "had secured his systems". But the damage is done. At first sight, the exploitation of this breach does not seem to be of big technicality. Other people may have seen it and have taken the opportunity to download data. If it was necessary to demonstrate it one more time, this affair clearly shows the risks that induce these applications for the personal data protection.

"Ridiculously vulnerable" solutions

This hack follows upon another one arisen last February. Even there, Motherboard have received in a anonymous way gigabytes of data ex-filtrated from the Mobistealth and Spymaster Pro servers, two publishers who propose surveillance apps for Android and iOS. These stolen data contained, among others, information on the user accounts and the intercepted messages.

"It is disgusting to see that these sites are so accessible and easy to use and that they allow the large-scale harassment, while these sites are so ridiculously vulnerable", explained the anonymous hacker to Motherboard.

Two other hackings took place in April 2017, targeting FlexiSpy and Retina-X publishers. The data of more than 130.000 people were then stolen. The hackers justified their actions to fight against the proliferation of these espionage software.

• I've made a lot of articles with tools, explanations and advises to show you how to protect your privacy and to secure your computer, GO check them out!

  • This is my guide to secure your PC after a fresh installation of Windows

  • If you think that your phone or your PC has been hacked, you have to check it right now!

  • That's how you can be more Anonymous on the internet!

  • The 4 security measure to put in place on your WIFI router

  • How an adware works?

  • That's how you should guard against Trojan!

  • Why antiviruses are not your friend?

  • Why your PC is slow?

  • Basics tools to protect your privacy and your computer