GoKawiilThere is a whole shady industry for people who want to monitor and spy on their families. Multiple app makers promote and advertise their software — often referred to as stalkerware — to jealous partners who can use these apps to access their victims’ phones remotely.
Yet, despite how sensitive this personal data is, an increasing number of these companies are losing huge amounts of it.
According to TechCrunch’s ongoing tally, including the most recent data spill involving uMobix, there have been at least 27 stalkerware companies since 2017 that are known to have been hacked, or leaked customer and victims’ data online.
That’s not a typo. Dozens of stalkerware companies have either been hacked or had a significant data exposure in recent years. And at least four stalkerware companies were hacked multiple times.
The makers of uMobix and associated mobile tracking apps, like Geofinder and Peekviewer, are the latest stalkerware provider to expose sensitive customer data, after a hacktivist scraped the payment information of more than 500,000 customers and published them online. The hacktivist said they did this as a way to go after stalkerware apps, following in the footsteps of two groups of hacktivists who broke into Retina-X and FlexiSpy almost a decade ago.
The uMobix data leak comes after last years’ breach of Catwatchful, which was used to compromise the phone data of at least 26,000 victims. Catwatchful was just one of several stalkerware incidents in 2025, which included SpyX, and the data exposures of Cocospy, Spyic, and Spyzie surveillance operations, which left messages, photos, call logs, and other personal and sensitive data of millions of victims exposed online, according to a security researcher who found a bug that allowed them to access that data.
Prior to 2025, there were at least four massive stalkerware hacks in 2024.
The last stalkerware breach in 2024 affected Spytech, a little-known spyware maker based in Minnesota, which exposed activity logs from the phones, tablets, and computers monitored with its spyware. Before that, there was a breach at mSpy, one of the longest-running stalkerware apps, which exposed millions of customer support tickets, which included the personal data of millions of its customers.
Previously, an unknown hacker broke into the servers of the U.S.-based stalkerware maker pcTattletale. The hacker then stole and leaked the company’s internal data. They also defaced pcTattletale’s official website with the goal of embarrassing the company. The hacker referred to a recent TechCrunch article where we reported pcTattletale was used to monitor several front desk check-in computers at a U.S. hotel chain.
As a result of this hack, leak, and shame operation, pcTattletale founder Bryan Fleming said he was shutting down his company. Earlier this year, Fleming pled guilty to charges of computer hacking, the sale and advertising of surveillance software for unlawful uses, and conspiracy.
... continue reading