- Hacktivist “wikkid” exploited Struktura website bug to steal 536,000 customer records
- Data included names, emails, purchases, and partial credit card details without payment dates
- Leak exposed consumer spyware vendors like Geofinder, uMobix, Peekviewer, posted on hacking forum
More than half a million names, email addresses, and partial credit card information was leaked when a hacktivist struck a consumer stalkerware developer.
Earlier this month, a hacker with the alias “wikkid” targeted the website of a company called Struktura. This is a Ukrainian software company allegedly behind multiple phone tracking services such as Geofinder, uMobix, Peekviewer, and others. Speaking to TechCrunch, they said that they discovered a “trivial” bug in Struktura’s website, which allowed them to scrape the data from the vendor.
In total, the hacktivist pulled 536,000 lines containing customer email addresses, which app or brand they purchased, how much they paid, which payment card they used (Visa or Mastercard), and the last four digits of the card. The dates of payments were not found in the archive.
Fun targeting spyware vendors
The publication managed to verify the authenticity of the data by triggering a password reset on accounts associated with public email addresses, as well as by matching each transaction’s unique invoice number with the surveillance vendor’s checkout pages. “We could do this because the checkout page allowed us to retrieve the same customer and transaction data from the server without needing a password,” the publication explained.
Wikkid said they had “fun targeting apps that are used to spy on people”, and that they posted the archive on a popular hacking forum. There, they listed the vendor as Ersten Group, which is described as a UK software development startup.
So far, Struktura representatives have not made any official statements about the incident.
Consumer spyware, or spouseware, are software (mostly mobile apps) that users can purchase and then silently install on mobile devices belonging to their spouses, partners, children, and other people of interest.
Developers often advertise them as security apps, mostly for monitoring children and persons with special needs. However, these are almost always covers for borderline legal espionage.
Via TechCrunch
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
https://cdn.mos.cms.futurecdn.net/gqcnvTaWX8TaWF4LSNsEMj-970-80.jpg
Source link
