The manufacturer of Spy on Spytech from Minnesota, the United States, was hacked, revealing that tens of thousands of devices worldwide are secretly monitored by the company.
A person with access to the company’s database leaked detailed logs from servers containing information on phones, tablets, and computers monitored by SpyTech. Some of the files date back to June. TechCrunch confirmed the authenticity of the data by analyzing device activity logs related to the company’s CEO Neutan Polenchek, who unknowingly had spy software installed on one of his devices.
Since 2013, Spytech’s programs, Realtime-SPY and Spyagent, have compromised over 10,000 devices globally, including Android devices, Chromebooks, Macs, and Windows PCs. Polenchek learned about the hacking from TechCrunch and has initiated an investigation into the data breach.
Spytech sells remote access applications disguised as parental control programs but also marketed as tools for tracking spouses and partners. The company openly offers these products on its website.
Stalkerware, such as Spytech’s programs, is typically installed by someone with physical access to the victim’s device. It operates covertly, making detection and removal difficult. Once installed, the spy software collects keystrokes, web history, device activity, and location data on Android devices.
The leaked data contains activity logs from all tracked devices, including unencrypted information. Most devices are located in Europe, the USA, Africa, Asia, Australia, and the Middle East. One record related to Polenchek’s administrator showed the exact geolocation of his home in Minnesota.
While the leaked data contains personal information from unknowing victims, TechCrunch lacks enough identifying information to notify them about the breach. When asked if Spytech plans to inform customers or authorities about the breach, Polenchek did not respond. Attempts to contact the Attorney General of Minnesota went unanswered.