{"id":20230,"date":"2026-02-09T16:49:18","date_gmt":"2026-02-09T16:49:18","guid":{"rendered":"https:\/\/microvibenews.com\/?p=20230"},"modified":"2026-02-09T16:49:18","modified_gmt":"2026-02-09T16:49:18","slug":"hacktivist-scrapes-over-500000-stalkerware-customers-payment-records","status":"publish","type":"post","link":"https:\/\/microvibenews.com\/?p=20230","title":{"rendered":"Hacktivist scrapes over 500,000 stalkerware customers’ payment records"},"content":{"rendered":"


\n<\/p>\n

\n

A hacktivist has scraped more than half-a-million payment records from a provider of consumer-grade \u201cstalkerware\u201d phone surveillance apps, exposing the email addresses and partial payment information of customers who paid to spy on others.\u00a0<\/p>\n

The transactions contain records of payments for phone-tracking services like Geofinder and uMobix, as well as services like Peekviewer (formerly Glassagram), which purport to allow access to private Instagram accounts, among several other monitoring and tracking apps provided by the same vendor, a Ukrainian company called Struktura.<\/p>\n

The customer data also includes transaction records from Xnspy<\/a>, a known phone surveillance app, which in 2022 spilled the private data<\/a> from tens of thousands of unsuspecting people\u2019s Android devices and iPhones.\u00a0<\/p>\n

This is the latest example of a surveillance vendor exposing the information of its customers due to security flaws. Over the past few years, dozens of stalkerware apps<\/a> have been hacked, or have managed to lose, spill, or expose people\u2019s private data \u2014 often the victims themselves \u2014 thanks to shoddy cybersecurity by the stalkerware operators.<\/p>\n

\n

Contact Us<\/h4>\n

\t\t\tTo contact Zack Whittaker securely, reach out via Signal username zackwhittaker.1337. Contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase and Wire @lorenzofb, or email<\/a>.\t\t<\/div>\n

Stalkerware apps like uMobix and Xnspy, once planted on someone\u2019s phone, upload the victim\u2019s private data, including their call records, text messages, photos, browsing history, and precise location data, which is then shared with the person who planted the app. <\/p>\n

Apps like uMobix and Xnspy have explicitly marketed their services for people to spy on their spouses and domestic partners, which is illegal<\/a>.<\/p>\n

The data, seen by TechCrunch, included about 536,000 lines of customer email addresses, which app or brand the customer paid for, how much they paid, the payment card type (such as Visa or Mastercard), and the last four digits on the card. The customer records did not include dates of payments.\u00a0<\/p>\n

TechCrunch verified the data was authentic by taking several transaction records containing disposable email addresses with public inboxes, such as Mailinator, and running them through the various password reset portals provided by the various surveillance apps. By resetting the passwords on accounts associated with public email addresses, we determined that these were real accounts.<\/p>\n

We also verified the data by matching each transaction\u2019s unique invoice number from the leaked dataset with the surveillance vendor\u2019s checkout pages. We could do this because the checkout page allowed us to retrieve the same customer and transaction data from the server without needing a password.<\/p>\n

The hacktivist, who goes by the moniker \u201cwikkid,\u201d told TechCrunch they scraped the data from the stalkerware vendor thanks to a \u201ctrivial\u201d bug in its website. The hacktivist said they \u201chave fun targeting apps that are used to spy on people,\u201d and subsequently published the scraped data on a known hacking forum.<\/p>\n

The hacking forum listing lists the surveillance vendor as Ersten Group, which presents itself as a U.K.-presenting software development startup.\u00a0<\/p>\n

TechCrunch found several email addresses in the dataset used for testing and customer support instead reference Struktura, a Ukrainian company that has an identical website to Ersten Group. The earliest record in the dataset contained the email address for Struktura\u2019s chief executive, Viktoriia Zosim, for a transaction of $1.\u00a0<\/p>\n

Representatives for Ersten Group did not respond to our requests for comment. Struktura\u2019s Zosim did not return a request for comment.<\/p>\n<\/div>\n


\n
Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

A hacktivist has scraped more … <\/p>\n","protected":false},"author":1,"featured_media":20231,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[249],"tags":[1662,2539,459,12345,1802,1803],"_links":{"self":[{"href":"https:\/\/microvibenews.com\/index.php?rest_route=\/wp\/v2\/posts\/20230"}],"collection":[{"href":"https:\/\/microvibenews.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/microvibenews.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/microvibenews.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/microvibenews.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=20230"}],"version-history":[{"count":0,"href":"https:\/\/microvibenews.com\/index.php?rest_route=\/wp\/v2\/posts\/20230\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/microvibenews.com\/index.php?rest_route=\/wp\/v2\/media\/20231"}],"wp:attachment":[{"href":"https:\/\/microvibenews.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=20230"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/microvibenews.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=20230"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/microvibenews.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=20230"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}