SoylentNews is people

posted by chromas on Friday August 24 2018, @08:21PM
from the cloud dept.

Submitted via IRC for SoyCow4408

A company that markets cell phone spyware to parents and employers left the data of thousands of its customers—and the information of the people they were monitoring—unprotected online.

The data exposed included selfies, text messages, audio recordings, contacts, location, hashed passwords and logins, Facebook messages, among others, according to a security researcher who asked to remain anonymous for fear of legal repercussions.

Last week, the researcher found the data on an Amazon S3 bucket owned by Spyfone, one of many companies that sell software that is designed to intercept text messages, calls, emails, and track locations of a monitored device.

[...] The researcher said that the exposed data contained several terabytes of "unencrypted camera photos."

"There's at least 2,208 current 'customers' and hundreds or thousands of photos and audio in each folder," he told Motherboard in an online chat. "There is currently 3,666 tracked phones."

The company's backend services were also left wide open, not requiring a password to log into them, according to the researcher, who said he was able to create admin accounts and see customer data.

Spyfone also left one of its APIs completely unprotected online, allowing anyone who guesses the URL to read what appears to be an up-to-date and constantly updating list of customers. The site shows first and last names, email and IP addresses. As of Thursday, there were more than 11,000 unique email addresses in the database, according to a Motherboard analysis.

Source: https://motherboard.vice.com/en_us/article/9kmj4v/spyware-company-spyfone-terabytes-data-exposed-online-leak


  • (Score: 5, Informative) by requerdanos on Friday August 24 2018, @08:33PM (3 children)

    by requerdanos (5997) on Friday August 24 2018, @08:33PM (#726012) Journal

    [Spyfone exposed] the data of thousands of its customers

    To be fair, their customers knew Spyfone's privacy position ("against it") when they agreed to become customers.

    • (Score: 1, Insightful) by Anonymous Coward on Friday August 24 2018, @09:08PM

      by Anonymous Coward on Friday August 24 2018, @09:08PM (#726027)

      I concur; there is no honor among those that profit from violating others.

    • (Score: 0) by Anonymous Coward on Friday August 24 2018, @09:09PM (1 child)

      by Anonymous Coward on Friday August 24 2018, @09:09PM (#726029)

      What about their spouses etc who were exposed to the malware?

      • (Score: 3, Insightful) by requerdanos on Friday August 24 2018, @10:23PM

        by requerdanos (5997) on Friday August 24 2018, @10:23PM (#726043) Journal

        spouses etc who were exposed to the malware?

        They were already victims of Spyfone and the "customer", now they are being victimized to a larger extent due to Spyfone's practices and the poor judgment of "customer".

  • (Score: 1, Funny) by Anonymous Coward on Friday August 24 2018, @08:37PM (8 children)

    by Anonymous Coward on Friday August 24 2018, @08:37PM (#726015)

    In the Soviet UK, Halogen bans EU!

    • (Score: 0) by Anonymous Coward on Friday August 24 2018, @09:01PM (3 children)

      by Anonymous Coward on Friday August 24 2018, @09:01PM (#726024)

      Ok who is running the shitty chat bot?? Either this person can't tell the difference between slashdot and soylentnews or it is a shitty bot.

      Not sure I understand why someone would program a bot to post the above.

      • (Score: 0) by Anonymous Coward on Friday August 24 2018, @09:10PM (2 children)

        by Anonymous Coward on Friday August 24 2018, @09:10PM (#726030)

        because it's not a bot and just was some dude that wasn't funny to you?

        the internet is full of people that can be replaced with simple scripts, that doesn't mean they have benefitted from it yet.

        • (Score: 0) by Anonymous Coward on Friday August 24 2018, @09:24PM (1 child)

          by Anonymous Coward on Friday August 24 2018, @09:24PM (#726031)

          Incorrect, this joke is meant for slashdot which at this moment has the story 2nd from the top. The EU halogen ban story has not run on SN yet. I made that point already, am I arguing with a bot now?

          • (Score: 1, Funny) by Anonymous Coward on Friday August 24 2018, @10:24PM

            by Anonymous Coward on Friday August 24 2018, @10:24PM (#726045)

            No, it just was some dude that wasn't that bright to you?

    • (Score: 2) by turgid on Friday August 24 2018, @09:44PM (3 children)

      by turgid (4318) on Friday August 24 2018, @09:44PM (#726038) Journal

      The UK isn't Soviet at the moment, it's fascist.

      • (Score: 1, Insightful) by Anonymous Coward on Saturday August 25 2018, @02:57AM (2 children)

        by Anonymous Coward on Saturday August 25 2018, @02:57AM (#726127)

        The distinction beyond ideological semantics between both systems is close to nil.

  • (Score: 1, Insightful) by Anonymous Coward on Friday August 24 2018, @09:27PM (2 children)

    by Anonymous Coward on Friday August 24 2018, @09:27PM (#726033)

    Is this some shit marketed to parents to install on their kids' phones? If so, how much CP is stored out in the open on Amazon?

    • (Score: 0) by Anonymous Coward on Friday August 24 2018, @10:39PM (1 child)

      by Anonymous Coward on Friday August 24 2018, @10:39PM (#726056)

      But they have to install it to protect the children, you can't be too safe!

      • (Score: 3, Touché) by MostCynical on Saturday August 25 2018, @12:08AM

        by MostCynical (2589) on Saturday August 25 2018, @12:08AM (#726089) Journal

        Nothing to hide, nothing to be afraid of.

        Well, now they have nothing that isn't hidden. Close enough!

        --
        "I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
  • (Score: 2) by SomeGuy on Friday August 24 2018, @10:25PM (4 children)

    by SomeGuy (5632) on Friday August 24 2018, @10:25PM (#726047)

    So anyone got a torrent link? :P

    • (Score: 2) by SomeGuy on Friday August 24 2018, @10:32PM (1 child)

      by SomeGuy (5632) on Friday August 24 2018, @10:32PM (#726053)

      Aw crap, now I notice the post above screws the context of my joke. The point is this data is certain to contain lots of stuff that could be used for blackmail, embarrassment, fraud, or such, and THIS TIME there is only the grace of the researcher that prevents this data from being downloadable in bulk to every last person on the planet.

      • (Score: 2) by takyon on Saturday August 25 2018, @12:21AM

        by takyon (881) <{takyon} {at} {soylentnews.org}> on Saturday August 25 2018, @12:21AM (#726090) Journal

        I wonder what the breakdown is on whether white hats or black hats get to this stuff first. Because we've heard of plenty of security holes like this one that *potentially* left data accessible, but is apparently detected by a security researcher or the company first. Or at least, the stuff isn't just dumped online somewhere... yet.

        --
        [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
    • (Score: 2) by janrinok on Saturday August 25 2018, @06:39AM (1 child)

      by janrinok (52) on Saturday August 25 2018, @06:39AM (#726159) Journal
      I've checked the links in TFS and they all point to where they should - no torrents. Can you provide more details please?
      • (Score: 2) by janrinok on Saturday August 25 2018, @06:40AM

        by janrinok (52) on Saturday August 25 2018, @06:40AM (#726161) Journal
        Disregard - I only had to read a few more comments to see that it has all been resolved. JR
  • (Score: 0) by Anonymous Coward on Sunday August 26 2018, @04:51AM

    by Anonymous Coward on Sunday August 26 2018, @04:51AM (#726447)

    "There is currently 3,666 tracked phones."

    Do you see it?
      "There is[sic] currently 3,666 tracked phones."
    ARE
