**Hacktivist Scrapes Over 500,000 Stalkerware Customers' Payment Records**

A group of hackers, known for targeting companies that enable phone surveillance and tracking, has exposed the personal data of more than half-a-million customers who purchased these services. The massive dataset includes email addresses, partial payment information, and details about the types of surveillance apps used to spy on others.

The hacked vendor, Struktura, is a Ukrainian company that operates under multiple brand names, including Ersten Group. The data breach highlights the lax cybersecurity practices among companies that sell stalkerware, which can upload sensitive personal data from a victim's phone without their consent.

Stalkerware apps like uMobix and Xnspy have been marketed for use in domestic spying, but their sale and use are often illegal. These apps upload private data, including call records, text messages, photos, browsing history, and precise location information, which is then shared with the person who planted the app.

The dataset obtained by TechCrunch includes:

  • 536,000 lines of customer email addresses
  • App or brand paid for
  • Payout amount
  • Type of payment card (e.g., Visa or Mastercard)
  • Last four digits of the payment card number

The data did not include dates of payments. TechCrunch verified the authenticity of the dataset by resetting passwords on accounts associated with public email addresses and matching transaction IDs with the vendor's checkout pages.

The hacktivist, who uses the moniker "wikkid," claimed they exploited a "trivial" bug in Struktura's website to access the sensitive data. The hacker stated that targeting stalkerware vendors is a favorite pastime due to their involvement in invading people's privacy.

Struktura and Ersten Group representatives did not respond to TechCrunch's requests for comment. Viktoriia Zosim, Struktura's CEO, also declined to comment on the data breach.

**The Problem of Stalkerware**

The recent data breach is just one in a long line of incidents exposing the vulnerability of stalkerware companies. Over the past few years, numerous stalkerware apps have been compromised or had their users' personal data spilled due to poor cybersecurity practices.

These breaches not only put the victims at risk but also create opportunities for hackers to exploit the sensitive information obtained from these apps.

**The Implications of This Breach**

The massive dataset now in circulation has serious implications for those who purchased stalkerware services. The exposed payment records could lead to identity theft and additional vulnerabilities for individuals whose data was compromised by these surveillance vendors.

Furthermore, this breach serves as a stark reminder of the ongoing struggle with cybersecurity within the tech industry. The ease with which hackers accessed sensitive data from Struktura highlights the need for stronger security measures among companies involved in selling stalkerware and other intrusive apps.

**Contact Us**

To report any suspicious activity or share information about this breach, please contact us securely via:

  • Signal: zackwhittaker.1337
  • Email: [zack.whittaker@techcrunch.com](mailto:zack.whittaker@techcrunch.com)

Lorenzo Franceschi-Bicchierai, a Senior Writer at TechCrunch, can be contacted securely via Signal at +1 917 257 1382 or through encrypted message on Keybase and Telegram.