In June 2024, spyware maker SpyX suffered a data breach that exposed almost 2M unique email addresses. The breach also exposed IP addresses, countries of residence, device information and 6-digit PINs in the password field. Further, a collection of iCloud credentials likely used to monitor targets directly via the cloud were also in the breach and contained the target’s email address and plain text Apple password.
- Breach date: 24 June 2024 Date added to HIBP: 19 March 2025
- Compromised accounts: 1,977,011
- Compromised data: Device information, Email addresses, Geographic locations, IP addresses, Passwords Stop Stalkerware.
Serves them right for using spyware.
Edit. It has correctly been brought to my attention that the targets also had their credentials leaked. They didn’t deserve that. That said, fuck the people who were installing spyware in other people’s devices.
The victims didn’t choose to be spied on…
This is true, I have no sympathy for the ones who put spare on another’s device, but the targets did not deserve that.