US Spyware Maker Spytech Falls Victim to Data Breach

Minnesota-based spyware maker Spytech has fallen victim to a significant data breach, exposing the sensitive data of thousands of devices worldwide. According to TechCrunch, unknown hackers accessed Spytech’s servers and obtained a cache of files that included detailed activity logs from more than 10,000 devices, spanning Android phones, Chromebooks, Macs, and Windows PCs.

The breach has brought to light the extensive reach of Spytech’s surveillance tools, such as Realtime-Spy and SpyAgent, which have been operational since 2013. Spytech’s CEO Nathan Polencheck expressed surprise when contacted by TechCrunch regarding the breach, stating, "This is the first I have heard of the breach and have not seen the data you have seen so at this time all I can really say is that I am investigating everything and will take the appropriate actions."

Unencrypted logs of device activities were exposed in the breach, which included personal information and precise location data. The majority of compromised devices were Windows PCs, with significant clusters of affected devices in the US and Europe. The data breach also implicated Polencheck, who had spyware installed on one of his own devices.

The breach has intensified privacy concerns due to the nature of Spytech’s products, which are often referred to as "stalkerware" — commonly used for monitoring spouses and children. Although some uses of such software can be legal, monitoring a device without the owner's consent is unlawful, raising significant legal and ethical issues.

Those exploited by Spytech were mostly living within the US and Europe, and the exfiltrated data could even reveal the precise location of Polencheck’s house in Red Wing, Minnesota. The exposed data, impacting 138,000 Spytech customers and the victims of the spyware, has been added to the data breach notification service Have I Been Pwned.

This breach follows a similar incident earlier this year involving Michigan-based spyware firm pcTattletale, which resulted in the company shutting down. Another notable incident involved LetMeSpy, a mobile phone spyware app that was hacked, exposing the sensitive data of its users.