1. News
  2. Cybersecurity News

The Weekly Hack: Spy company accidentally rats out customers who paid to stalk others’ online habits

This September marks the Equifax hack’s first anniversary

Photo (c) ValeryBrozhinsky - Getty Images
Call it spy karma. A software company that allows people to secretly spy on others’ phone and internet activities accidentally released data about its own paying customers.

Security researcher Brian Krebs made the discovery, reporting that the company mSpy leaked data online belonging to “millions of paying customers.”

Passwords, call logs, text messages, contacts, location data, Apple iCloud usernames, and more were accessible online until Krebs says he reported the leak to the company.

It’s not the first time that user data has escaped mSpy’s grip. Hackers also accessed the company’s database and posted it to the Dark Web in 2015.

British Airways

British Airways announced today that hackers stole credit card information from nearly 400,000 customers two weeks ago. The breach, which occurred on August 21, has since been “resolved,” the company claims, though police are still investigating.

"We know that the information that has been stolen is name, address, email address, credit card information; that would be credit card number, expiration date and the three-letter code in the back of the credit card,"  airline CEO Alex Cruz told the BBC.

All customers who purchased tickets between August 21 and September 5 should check their credit card statements. The airline claims that no passport information was accessed.

Happy hack-iversary

Exactly one year ago today, Equifax then-Chairman and CEO Rick Smith released a video blog and statement explaining that 143 million Americans were potentially affected by a “cybersecurity incident.”

The announcement did not go over well. American consumers, after all, do not necessarily want Equifax to have their information in the first place, but because good credit is necessary to buy a house, car, or take out a loan, the credit reporting industry can more or less do as it pleases.

In response to the controversy, Equifax offered to resolve the problem with several botched offers of “free” identity theft and credit monitoring to consumers. Later, the agency admitted that perhaps more data and several more millions of people were affected than they originally claimed.

Smith, who promised at the time to make “extraordinary changes” to how Equifax does business, retired two weeks later to the tune of $90 million, so his retirement anniversary is coming up soon as well.  Four executives who sold their stocks in Equifax shortly after the breach occurred will not face charges because they were not aware of the breach, the company has explained. Happy anniversary to everyone.

Take an Identity Theft Quiz. Get matched with an Authorized Partner.