Danny Weber
18:11 10-02-2026
© RusPhotoBank
A hacktivist leaked 536,000 customer records from smartphone monitoring apps like Geofinder and uMobix, exposing emails and payment data. Learn about the security risks.
A hacktivist gained unauthorized access to the database of a provider of smartphone monitoring apps, exposing the data of hundreds of thousands of customers. The leak involves over 500,000 payment records linked to users who paid to surveil other individuals.
The breach affected clients of services including Geofinder, uMobix, Peekviewer (formerly known as Glassagram), and several other tracking and monitoring applications. According to journalists, all these apps are provided by the same vendor—Struktura, a company registered in Ukraine. The database also contained records related to Xnspy, a service previously implicated in major data breach incidents.
TechCrunch discovered that the leaked dataset comprises about 536,000 rows of customer information. This includes email addresses, the name of the paid service, payment amounts, bank card types (Visa or Mastercard), and the last four digits of card numbers. Transaction dates were not present in the database.
Although full payment details were not exposed, experts note that even this dataset poses a significant threat. The sensitive nature of the services used by these clients amplifies the risk.
TechCrunch journalists verified the database's authenticity through multiple methods. They used public disposable email addresses found in the data to confirm account existence via password recovery mechanisms. Unique invoice identifiers were also checked and matched payment pages for the services, accessible without authentication. This highlights serious security gaps in the vendor's infrastructure.
The hacktivist, using the alias wikkid, stated that access to the data was obtained due to a simple configuration error on the vendor's website. He claimed to intentionally target and hack services used for surveilling people, then published the extracted database on a hacker forum.
Apps like uMobix and Xnspy, once installed on a device, allow third parties near-total access to smartphone contents—including messages, call history, photos, browser data, and precise location. These services are often marketed as tools for monitoring partners or spouses, which directly violates laws in many countries.
This incident is another example of stalkerware developers losing control over data—both their clients' and their victims'. In recent years, dozens of similar services have faced leaks due to basic security errors. Notably, companies profiting from privacy violations consistently fail to secure even their own users' information.