A hacktivist has leaked more than half a million payment records from a Ukrainian company that provides consumer-grade “stalkerware” phone surveillance apps. The data includes email addresses and partial payment information of customers who paid to spy on others.
The leaked records contain transactions for services like Geofinder, uMobix, Peekviewer (formerly Glassagram), and Xnspy, which allow users to track private Instagram accounts and access personal data from Android devices and iPhones. These apps are marketed as tools for spying on spouses and domestic partners, but their use is illegal.
The hacktivist exploited a “trivial” bug in the vendor’s website to scrape the data. The leaked records were published on a known hacking forum and appear to come from two companies: Ersten Group and Struktura. Despite efforts by representatives of both companies, no comment was received.
Source: https://techcrunch.com/2026/02/09/hacktivist-scrapes-over-500000-stalkerware-customers-payment-records