Spyware maker gets hacked, data reveals thousands of remotely controlled devices

Stalkerware Company Spytech Breached by Hackers

Facepalm: Stalkerware programs are often used to monitor, control, or track PC and mobile device users. While these tools may have legitimate uses by relatives or law enforcement, things can take a dangerous turn when a manufacturing company like Spytech is targeted by hackers.

Spytech Software, a company based in Minnesota known for producing monitoring programs like SpyAgent, has recently experienced a breach. DailyTech gained access to files taken from Spytech’s servers by unknown hackers, revealing the company’s activities and the devices targeted by its stalkerware products.

For over 24 years, Spytech has been offering monitoring software for concerned spouses and parents. The company boasts an “award-winning” solution that includes over 20 monitoring tools, claiming to be invisible, along with cloud and email-based remote activity logs. With SpyAgent, customers can allegedly monitor and respond to all activities on a computer.

Stalkerware programs are adept at hiding their presence, as evidenced by Spytech’s ability to infect various devices such as Android phones, Chromebooks, Mac systems, and PCs. The hacked data reveals information on more than 10,000 remotely controlled devices, dating back to 2013.

The compromised devices had their activities saved in logs on Spytech’s servers, with a majority being Windows-based PCs. Interestingly, the activity logs were not encrypted, allowing hackers to map the exact locations of compromised devices worldwide.

Most of the infected Android devices were found in Europe and the US, including those of Spytech executive Nathan Polencheck. When contacted, Polencheck claimed ignorance of the breach, but the data revealed his home address in Red Wing, Minnesota.

Spytech has yet to release a statement regarding the security breach, potentially leading to the need to inform customers and authorities. Similarly, another spyware manufacturer, pcTattletale, chose to shut down instead of disclosing their activities after a breach earlier this year.