- Hacktivist “wikkid” exploited Struktura website flaw to steal 536,000 customer records
- Data included names, emails, purchases and partial credit card information without payment dates
- Leaked consumer spyware vendors like Geofinder, uMobix, Peekviewer, posted on hacking forum
More than half a million names, email addresses and partial credit card information were leaked when a hacktivist targeted a consumer stalkerware developer.
Earlier this month, a hacker with the alias “wikkid” targeted the website of a company called Struktura. This is a Ukrainian software company that is allegedly behind several phone tracking services such as Geofinder, uMobix, Peekviewer and others. Speaking to TechCrunch, they said they discovered a “trivial” bug on Struktura’s website that allowed them to scrape the data from the supplier.
In total, the hacktivist pulled 536,000 lines of customers’ email addresses, which app or brand they bought, how much they paid, which payment card they used (Visa or Mastercard) and the last four digits of the card. The dates of payments were not found in the archive.
Fun targeting spyware vendors
The publication was able to verify the authenticity of the data by triggering a password reset on accounts associated with public email addresses, as well as by matching each transaction’s unique invoice number with the monitoring vendor’s checkout pages. “We could do this because the payment side allowed us to retrieve the same customer and transaction data from the server without needing a password,” the publication explained.
Wikkid said they had “fun targeting apps used to spy on people” and posted the archive on a popular hacking forum. There, they listed the vendor as Ersten Group, described as a British software development startup.
So far, Struktura representatives have not made any official statements about the incident.
Consumer spyware, or spouseware, is software (mostly mobile apps) that users can purchase and then silently install on mobile devices belonging to their spouses, partners, children, and other persons of interest.
Developers often advertise them as security apps, mostly for monitoring children and people with special needs. However, these are almost always covers for cross-border legal espionage.
Via TechCrunch
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
