A thriving, yet shady industry has emerged, catering to individuals seeking to monitor and spy on their family members. Numerous app developers market their software, often referred to as stalkerware, to jealous partners who can use these apps to remotely access their victims’ phones.

However, despite the sensitivity of the data involved, a growing number of these companies are experiencing significant data losses.

According to TechCrunch’s tally, which includes the latest data exposures of Cocospy and Spyic, at least 23 stalkerware companies have been hacked or have leaked customers’ and victims’ data online since 2017. This is not a minor issue: at least 23 stalkerware companies have suffered significant data exposures in recent years, with four of them being hacked multiple times.

Cocospy and Spyic are the first stalkerware companies in 2025 to have inadvertently exposed sensitive data. The two surveillance operations left messages, photos, call logs, and other personal and sensitive data of millions of victims exposed online, according to a security researcher who discovered a bug that allowed them to access the data.

In the case of Cocospy, the company leaked 1.81 million customer email addresses, while Spyic leaked 880,167 customer email addresses. This totals 2.65 million email addresses, after removing duplicate addresses that appeared in both breaches, according to an analysis by Troy Hunt, who runs the data breach notification site Have I Been Pwned.

In 2024, there were at least four major stalkerware hacks. The last stalkerware breach in 2024 affected Spytech, a little-known spyware maker based in Minnesota, which exposed activity logs from the phones, tablets, and computers monitored with its spyware. Prior to that, there was a breach at mSpy, one of the longest-running stalkerware apps, which exposed millions of customer support tickets that included the personal data of millions of its customers.

Previously, an unknown hacker broke into the servers of the U.S.-based stalkerware maker pcTattletale. The hacker then stole and leaked the company’s internal data, and also defaced pcTattletale’s official website in an attempt to embarrass the company. The hacker referenced a recent TechCrunch article that reported pcTattletale was used to monitor several front desk check-in computers at a U.S. hotel chain.

As a result of this hack, leak, and shame operation, pcTattletale founder Bryan Fleming announced that he was shutting down his company.

Consumer spyware apps like mSpy and pcTattletale are commonly referred to as “stalkerware” (or spouseware) because jealous spouses and partners use them to surreptitiously monitor and surveil their loved ones. These companies often explicitly market their products as solutions to catch cheating partners, encouraging illegal and unethical behavior. Furthermore, there have been multiple court cases, journalistic investigations, and surveys of domestic abuse shelters that demonstrate how online stalking and monitoring can lead to real-world harm and violence.

This is why hackers have repeatedly targeted some of these companies.

Eva Galperin, the director of cybersecurity at the Electronic Frontier Foundation and a leading researcher and activist who has investigated and fought stalkerware for years, described the stalkerware industry as a “soft target.”

“The people who run these companies are perhaps not the most scrupulous or really concerned about the quality of their product,” Galperin told TechCrunch.

Given the history of stalkerware compromises, this may be an understatement. The lack of care for protecting their own customers, and consequently the personal data of tens of thousands of unwitting victims, makes using these apps doubly irresponsible. The stalkerware customers may be breaking the law, abusing their partners by illegally spying on them, and putting everyone’s data in danger.

A history of stalkerware hacks

The flurry of stalkerware breaches began in 2017 when a group of hackers breached the U.S.-based Retina-X and the Thailand-based FlexiSpy back to back. Those two hacks revealed that the companies had a total of 130,000 customers worldwide.

At the time, the hackers who claimed responsibility for the compromises explicitly stated that their motivations were to expose and hopefully help destroy an industry that they consider toxic and unethical.

“I’m going to burn them to the ground, and leave absolutely nowhere for any of them to hide,” one of the hackers involved then told Motherboard.

Referring to FlexiSpy, the hacker added: “I hope they’ll fall apart and fail as a company, and have some time to reflect on what they did. However, I fear they might try and give birth to themselves again in a new form. But if they do, I’ll be there.”

Despite the hack, and years of negative public attention, FlexiSpy is still active today. The same cannot be said about Retina-X.

The hacker who broke into Retina-X wiped its servers with the goal of hampering its operations. The company bounced back, but then it got hacked again a year later. A couple of weeks after the second breach, Retina-X announced that it was shutting down.

Just days after the second Retina-X breach, hackers hit Mobistealth and Spymaster Pro, stealing gigabytes of customer and business records, as well as victims’ intercepted messages and precise GPS locations. Another stalkerware vendor, Source Link