A growing and shadowy industry caters to those looking to monitor and spy on their families. Several app developers market their software—often called stalkerware—to jealous partners, enabling them to remotely access their victims’ phones.

Figure 1. Stalkerware Apps: Hacked, Leaked, and Risky – Why You Should Stay Away.

Despite the highly sensitive nature of this data, an increasing number of these companies are suffering massive breaches. Figure 1 shows Stalkerware Apps: Hacked, Leaked, and Risky – Why You Should Stay Away.

According to TechCrunch’s records, including recent leaks from Cocospy and Spyic, at least 23 stalkerware companies have been hacked or exposed customers’ and victims’ data online since 2017.

That’s not a mistake—23 different stalkerware providers have suffered significant security lapses, with four of them breached multiple times.

Cocospy and Spyic are the first stalkerware companies in 2025 to expose sensitive data. A security researcher discovered a flaw that left millions of victims’ messages, photos, call logs, and other personal data accessible online.

Cocospy leaked 1.81 million customer email addresses, while Spyic exposed 880,167. After removing duplicates, a total of 2.65 million unique email addresses were compromised, according to an analysis by Troy Hunt, who runs the data breach notification site Have I Been Pwned.

In 2024 alone, at least four major stalkerware breaches occurred. The most recent targeted Spytech, a little-known spyware company based in Minnesota, which exposed activity logs from monitored phones, tablets, and computers. Before that, mSpy—one of the longest-running stalkerware apps—leaked millions of customer support tickets containing sensitive user data.

Another major incident involved an unknown hacker breaching the servers of U.S.-based stalkerware provider pcTattletale. The hacker stole and leaked internal company data, then defaced its official website in an effort to humiliate the company. This was in response to a TechCrunch report revealing that pcTattletale had been used to monitor front desk check-in computers at a U.S. hotel chain. As a result, pcTattletale founder Bryan Fleming announced the company’s shutdown.

Consumer spyware apps like mSpy and pcTattletale are often labeled as stalkerware (or spouseware) because they enable jealous partners to secretly track their loved ones. These companies frequently market their products as tools for catching cheating spouses, openly encouraging unethical and often illegal surveillance. Numerous court cases, journalistic investigations, and surveys of domestic abuse shelters have shown that online stalking and monitoring can lead to real-world harm and violence.

Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation and a leading expert on stalkerware, describes the industry as a “soft target.”

“The people who run these companies are perhaps not the most scrupulous or really concerned about the quality of their product,” Galperin told TechCrunch.

Given the long history of stalkerware data breaches, that may be an understatement. These companies fail to protect their own customers’ information, exposing not only the personal data of those using the apps but also the private details of tens of thousands of unwitting victims. Using these apps is not only unethical and potentially illegal—it also puts everyone’s data at risk.

Hacked, but Unrepentant

In a rare case of legal action, the Federal Trade Commission banned SpyFone and its CEO, Scott Zuckerman, from operating in the surveillance industry after a security lapse exposed victims’ data.

Another operation linked to Zuckerman, SpyTrac, shut down following a TechCrunch investigation.

Meanwhile, PhoneSpector and Highster—two companies not known to have been hacked—also closed after New York’s attorney general accused them of encouraging illegal surveillance.

But a company shutting down doesn’t always mean it’s gone for good. As seen with Spyhide and SpyFone, some developers and owners simply rebrand and relaunch under a different name.

“I do think these hacks make an impact,” said Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation. “But if you think that hacking a stalkerware company will make them shake their fists, curse your name, and disappear forever, that has most definitely not been the case.”

“What happens most often,” she added, “is that when you kill a stalkerware company, it comes back like mushrooms after the rain.”

There is some positive news. A report by security firm Malwarebytes found a decline in stalkerware use based on its data from infected devices. Galperin has also noticed an increase in negative reviews for these apps, with customers complaining they don’t work as intended.

However, she warns that security firms may not be detecting stalkerware as effectively as before, or that stalkers have shifted tactics, using physical surveillance tools like AirTags and other Bluetooth trackers instead.

“Stalkerware does not exist in a vacuum,” Galperin said. “It is part of a whole world of tech-enabled abuse.”

Say No to Stalkerware

Using spyware to monitor loved ones is not only unethical—it’s illegal in most jurisdictions, classified as unlawful surveillance.

Beyond the legal risks, stalkerware makers have repeatedly proven they cannot secure data—whether that’s the personal information of their customers or the sensitive details of their victims.

Some people justify stalkerware use by claiming they are monitoring their children. While this is legal in the U.S., it doesn’t make it any less invasive or unethical.

Even if lawful, Galperin argues that parents should not spy on their children without their knowledge and consent.

Instead, she recommends using built-in parental controls available on Apple and Android devices, which are more secure, transparent, and designed to protect privacy—unlike stalkerware apps that have a track record of data breaches.

Reference:

1. https://techcrunch.com/2025/02/20/hacked-leaked-exposed-why-you-should-stop-using-stalkerware-apps/
2. https://techcrunch.com/2025/02/20/stalkerware-apps-cocospy-spyic-exposing-phone-data-of-millions-of-people/

Cite this article:

Priyadharshini S (2025),”Hacked, Leaked, and Exposed: Why You Should Avoid Stalkerware Apps", AnaTechmaz, pp. 226