Surveillance software company leaves terabytes of confidential customer data exposed online

The data includes photos, call logs, contacts, hashed logins & passwords, among other things.

  • Published: August 24, 2018 10:22 AM IST

In this age of technology, where the majority of people (are willing to) have just about every information about their life stored on a remote server (or two) located somewhere around the world, it’s imperative that those responsible for safeguarding that information do everything to ensure it doesn’t fall into the wrong hands. However, as incidents like the notorious Facebook-Cambridge Analytica scandal have proved, that’s not always the case.

In yet another such incident, a software company left private digital data of thousands of its customers exposed online. The data, which includes unencrypted photos, text messages, location information, contacts, call logs, hashed logins and passwords, web-browsing history, and even Facebook messages, measures several terabytes in size, according to reports.

According to a report by Motherboard, the information was discovered by a security researcher, stored carelessly on an Amazon S3 (a cloud-storage service offered by Amazon) bucket. The bucket belongs to ‘Spyfone,’ a company that develops comprehensive parental control/surveillance app(s) for smartphones.

As per Motherboard, the website was able to verify that the data was not stored securely, as they created a trial account for the surveillance app and added some information, which was found by the above-mentioned security researcher and sent back to them.

Watch: BlackBerry Key2 First Look

A Spyfone representative told Motherboard that the company was investigating the issue, expressing relief that the data was discovered by a security researcher, and not someone with malicious intentions.

The representative was quoted by the website as saying, “We have partnered with leading data security firms to assist in our investigation and continue to coordinate with law enforcement authorities about this situation. Every day our team takes great strides to enhance our site’s security and we certainly anticipate that this recent data breach is the last. Communications about the breach and the investigation have gone out to our customers.”

  • Published Date: August 24, 2018 10:22 AM IST