The stalkerware industry is a shadowy corner of the internet, built for people seeking to secretly monitor their loved ones. These spyware apps, designed for phone surveillance, are often marketed to suspicious partners. Yet, time and again, they fail at one crucial task: protecting the sensitive data they harvest.
Disturbingly, many stalkerware apps have fallen victim to massive data breaches, leaving millions exposed. The most recent? SpyX — a surveillance app that compromised nearly two million victims’ personal data in a single breach.
Since 2017, at least 25 stalkerware companies have either been hacked or leaked sensitive information online. Shockingly, some of these shady companies got hacked multiple times, revealing just how careless they are with data security.
The SpyX breach, traced back to mid-2024, is just the latest in a long list. Before this, apps like Spyzie, Cocospy, and Spyic also exposed vast amounts of private messages, photos, call logs, and other personal details. Security researchers discovered flaws that left this sensitive information wide open.
These incidents aren’t isolated. Four major breaches happened in 2024 alone. One involved Spytech, a lesser-known U.S. spyware vendor, which exposed detailed activity logs from countless devices. Another involved mSpy, one of the oldest stalkerware apps, which leaked millions of customer service records containing highly personal information.
Hackers even directly targeted pcTattletale, breaching its servers and stealing internal data. In a bold move, they defaced the company’s website, publicly shaming the firm. This came after revelations that pcTattletale was secretly monitoring hotel check-in computers. Soon after, the founder shut down the company for good.
Apps like SpyX, Cocospy, mSpy, and pcTattletale fall under the umbrella term stalkerware. Jealous partners frequently use them to spy on spouses and lovers without consent. Often, these apps openly market themselves as tools to “catch a cheating partner,” blatantly encouraging illegal and abusive behavior.
However, the consequences can be deadly. Numerous reports from domestic abuse shelters, journalists, and court cases show that digital stalking frequently escalates to real-world harm.
It’s no surprise that hackers repeatedly target this industry. According to Eva Galperin, cybersecurity lead at the Electronic Frontier Foundation, stalkerware makers are “soft targets” — careless, unethical, and incompetent when it comes to security.
Given their dismal track record, using stalkerware apps is beyond reckless. Not only are users committing potential crimes, but they’re also putting everyone’s data at serious risk — their own and that of their unsuspecting victims.
A Trail of Hacks and Leaks
The flood of stalkerware breaches began back in 2017. Hackers first hit Retina-X and FlexiSpy, exposing data on over 130,000 users worldwide. The hackers proudly claimed they wanted to destroy this toxic industry.
“I’m going to burn them to the ground and leave nowhere for them to hide,” one hacker told Motherboard, vowing to finish what they started.
Retina-X eventually collapsed after repeated hacks: hackers wiped its servers twice, forcing the company to shut down. FlexiSpy somehow survived and continues operating today.
The assaults kept coming. Hackers raided Mobistealth, Spy Master Pro, and India-based SpyHuman, stealing private chats, GPS locations, call logs, and more. Soon after, SpyFone accidentally exposed its own data — terabytes of private content left unprotected on Amazon servers.
Other apps followed a similar pattern of carelessness. FamilyOrbit left hundreds of gigabytes of sensitive data protected only by a weak password. mSpy exposed more than 2 million records. Xnore allowed customers to view data from other people’s targets — chats, GPS data, emails, and photos.
MobiiSpy leaked tens of thousands of audio files and images. KidsGuard left victims’ private content exposed due to a misconfigured server. Xnspy, Spyzie, Cocospy, Spyic — the list of offenders keeps growing.
Some apps got hacked so badly they never recovered. Copy9 lost every piece of surveillance data — WhatsApp chats, calls, photos, and browsing histories. LetMeSpy had its servers wiped clean. WebDetetive and its backend partner OwnSpy suffered back-to-back breaches. Spyhide, Oospy, and TheTruthSpy followed similar paths, with TheTruthSpy facing repeated hacks over the years.
Stalkerware Apps Shut Down, But Not for Long
Out of the 25 stalkerware apps tracked, only eight have shut down. But closure doesn’t mean they’re truly gone.
In one rare case, the U.S. Federal Trade Commission banned SpyFone and its CEO from the surveillance business after a major data leak. Meanwhile, reports claim Amazon is still hosting private data stolen by phone surveillance apps weeks after being alerted to the stalkerware breach. Some companies, like PhoneSpector and Highster, shut down after facing legal pressure for encouraging illegal spying. Yet others simply rebranded and resurfaced: the same shady operators, just under a new name.
As Galperin puts it, hacking stalkerware companies does make a dent. But like weeds, they tend to pop up again — rebranded and just as dangerous.
Is Stalkerware Use Declining?
There is a glimmer of hope. Malwarebytes reports a decline in stalkerware usage based on its detection stats. Negative reviews are also rising, with frustrated users complaining the apps don’t work.
However, Galperin warns that stalkers might now rely on physical tracking tools like AirTags or Bluetooth devices, shifting away from software-based spying.
“Stalkerware doesn’t exist in isolation,” Galperin says. “It’s part of a broader ecosystem of tech-enabled abuse.”
Why You Should Never Use Stalkerware Apps
At its core, using stalkerware is unethical and illegal. Secretly spying on someone is considered unlawful surveillance in most places, carrying serious consequences.
Even monitoring children with stalkerware is risky. While technically legal in some areas, it’s invasive and erodes trust. If parents want to track their kids, they should use built-in parental controls from Apple or Google — not shady third-party apps prone to leaks.
The bottom line? Stalkerware apps put everyone at risk — victims and users alike. Leaks are inevitable. Data gets stolen. Companies fold and vanish, often leaving your data exposed.
Choose safety and ethics. Say no to stalkerware.