- Hacktivist “wikkid” exploited Struktura website bug to steal 536,000 customer records
- The data included names, emails, purchases and partial credit card details without payment dates.
- Consumer spyware providers exposed to leaks like Geofinder, uMobix, Peekviewer posted on hacking forum
More than half a million names, email addresses and partial credit card information were leaked when a hacktivist hit a developer of consumer harassment software.
Earlier this month, a hacker with the alias “wikkid” attacked the website of a company called Struktura. This is a Ukrainian software company that is supposedly behind multiple phone tracking services such as Geofinder, uMobix, Peekviewer and others. Speaking to TechCrunch, they said they discovered a “trivial” error on Struktura’s website, which allowed them to extract the supplier’s data.
In total, the hacktivist extracted 536,000 lines containing customers’ email addresses, what app or brand they purchased, how much they paid, what payment card they used (Visa or Mastercard), and the last four digits of the card. Payment dates were not found on file.
Fun aimed at spyware vendors
The publication managed to verify the authenticity of the data by triggering a password reset on accounts associated with public email addresses, as well as matching the unique invoice number of each transaction to the monitoring provider’s payment pages. “We were able to do this because the checkout page allowed us to retrieve the same customer and transaction data from the server without needing a password,” the post explained.
Wikkid said they had “fun targeting apps that are used to spy on people” and posted the file on a popular hacking forum. There, they listed the provider as Ersten Group, which describes itself as a UK software development startup.
So far Struktura representatives have not made any official statement about the incident.
Consumer spyware, or spousal software, is software (primarily mobile applications) that users can purchase and then silently install on mobile devices belonging to their spouses, partners, children, and other persons of interest.
Developers often advertise them as safety apps, primarily for monitoring children and people with special needs. However, these are almost always covers for quasi-legal espionage.
Through TechCrunch
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
