A massive leak has exposed over 500,000 payment records tied to consumer-grade stalkerware and phone-tracking services. The leaked data includes buyer email addresses and partial payment details associated with apps marketed for covert surveillance. This incident highlights poor security practices in the industry, which thrives on secrecy.
The dataset contains checkout records for popular monitoring tools like uMobix, Geofinder, and Peekviewer, along with entries for Xnspy, a known surveillance app. Security experts warn that even truncated payment details and emails can enable targeted extortion, doxxing, and identity fraud.
A Ukrainian software company called Struktura is tied to the vendor network, which sells overlapping capabilities such as GPS tracking and access to messages and photos. Industry researchers have noted that stalkerware businesses operate through a patchwork of company names and white-label apps, making it harder for regulators and payment processors to keep pace with enforcement.
The leak raises concerns about security failures across stalkerware vendors, who have a track record of mishandling sensitive data. Using stalkerware without consent is illegal in many jurisdictions, and the incident heightens buyers’ legal risk by tying emails and invoices to specific surveillance services.
Regulators, banks, and card networks can use financial records like payment data to sever services and map relationships between entities. The leak has significant implications for enforcement actions and highlights the need for stronger security measures across the industry.
Source: https://www.findarticles.com/hacktivist-exposes-500000-stalkerware-payments