A lesser-known spyware maker based in Minnesota recently suffered a data breach, uncovering thousands of devices worldwide under its covert remote surveillance operation. The breach was brought to light when a source shared a cache of files with TechCrunch, including detailed logs of device activity from phones, tablets, and computers monitored by Spytech, with some records dating back to early June.
TechCrunch verified the authenticity of the data by analyzing device activity logs related to the company’s CEO, who had installed the spyware on one of his own devices. The data revealed that Spytech’s spyware, including Realtime-Spy and SpyAgent, has infiltrated over 10,000 devices globally since 2013. These affected devices include Android phones, Chromebooks, Macs, and Windows PCs.
Spytech is the latest spyware company to fall victim to a breach, making it the fourth such incident this year, according to TechCrunch’s findings. When approached for comment, Spytech’s CEO, Nathan Polencheck, claimed ignorance of the breach and stated that he was investigating the matter.
The spyware developed by Spytech is marketed as remote access apps, commonly known as “stalkerware,” which are promoted as tools for parental monitoring but are also used for spying on partners. Spytech’s website openly advertises its products for spousal surveillance, emphasizing the ability to monitor a spouse’s activities.
While monitoring children or employees is legal in many cases, spying on someone’s device without their consent is illegal. Individuals involved in selling or using spyware have faced legal consequences in the past. Stalkerware apps are typically installed by someone with physical access to the target device, making detection and removal challenging.
The breached data exposed logs of all the devices under Spytech’s control, detailing each device’s activity. Most compromised devices were Windows PCs, followed by Android phones, Macs, and Chromebooks. The device activity logs were found to be unencrypted.
In analyzing the location data from compromised Android phones, TechCrunch identified clusters of monitored devices across Europe, the United States, Africa, Asia, Australia, and the Middle East. The breached data also included the precise geolocation of the CEO’s residence in Minnesota.
Despite the sensitive nature of the data obtained from monitored devices, there was insufficient identifiable information to notify the affected individuals. When questioned about informing customers or authorities as required by data breach laws, Spytech’s CEO did not provide a clear response.
Spytech has been in operation since at least 1998 but gained attention in 2009 when an individual used its spyware to target a children’s hospital in Ohio. The spyware infected the hospital’s systems, collecting sensitive health information from the ex-partner of the perpetrator.
Notably, Spytech is the second U.S.-based spyware maker to experience a data breach in recent months, following a similar incident with Michigan-based pcTattletale. The breach notification service Have I Been Pwned identified 138,000 customers affected by the pcTattletale breach.
If you suspect that your phone has been compromised by spyware, the Coalition Against Stalkerware offers resources for assistance. Additionally, the National Domestic Violence Hotline provides free and confidential support to victims of domestic abuse and violence. In emergency situations, always call 911 for immediate assistance.