A hacktivist just turned the tables on half a million people who paid to spy on others. More than 536,000 payment records from customers of phone surveillance apps like uMobix, Xnspy, and Geofinder hit the open web this week, exposing email addresses and partial card numbers of people who bought access to stalk spouses, partners, and family members. The breach highlights how stalkerware vendors - companies that profit from illegal surveillance - can't even secure their own customer data.
The surveillance industry just got surveilled. A hacktivist going by 'wikkid' published more than 536,000 customer payment records from a network of stalkerware apps, exposing the people who paid to spy on others through phone tracking and social media monitoring services.
The leaked data comes from Struktura, a Ukrainian company operating behind the U.K.-facing brand Ersten Group. The company runs a portfolio of surveillance products including uMobix and Geofinder for phone tracking, Peekviewer for accessing private Instagram accounts, and Xnspy - a notorious stalkerware app that already spilled data from tens of thousands of victims' phones back in 2022.
According to the hacktivist who spoke with TechCrunch, they exploited a 'trivial' bug in the vendor's website to scrape the entire customer database. "I have fun targeting apps that are used to spy on people," wikkid told reporters before dumping the data on a known hacking forum.
The exposed records contain customer email addresses, which specific surveillance app they purchased, payment amounts, card types like Visa or Mastercard, and the last four digits of payment cards. While the dataset doesn't include transaction dates, it represents years of customer activity from people who paid to secretly monitor others' phones and social media accounts.
TechCrunch verified the authenticity of the breach through multiple methods. Reporters tested disposable email addresses from the dataset using public inbox services like Mailinator, then ran them through password reset portals for the various surveillance apps. All tested accounts were real and active.
But the verification revealed an even bigger security problem. The surveillance vendor's checkout pages allowed anyone to retrieve full customer and transaction data using just an invoice number - no password required. By matching unique invoice numbers from the leaked dataset to the checkout system, reporters confirmed the data's legitimacy while exposing yet another gaping security hole.
This isn't an isolated incident. Over the past several years, dozens of stalkerware apps have been hacked or have leaked data from both customers and victims. The pattern reveals a dark irony: companies selling surveillance tools consistently fail at basic cybersecurity.
Stalkerware apps like uMobix and Xnspy work by being secretly installed on someone's phone, then continuously uploading the victim's call records, text messages, photos, browsing history, and precise GPS location to servers controlled by whoever planted the app. The companies behind these products explicitly market them for spying on spouses and domestic partners - activities that are illegal under federal wiretapping laws.
The Ukrainian connection adds another layer to the story. While Struktura operates from Ukraine, it masks its identity behind Ersten Group, which presents itself as a U.K. software development startup. The two companies share identical websites, and the earliest transaction record in the leaked dataset belongs to Struktura CEO Viktoriia Zosim - a $1 test payment.
Neither Ersten Group representatives nor Zosim responded to requests for comment about the breach. The silence is typical for an industry that operates in legal gray areas while profiting from relationship abuse and domestic surveillance.
The breach exposes not just customer data but the scale of the stalkerware economy. Over half a million transaction records suggest a thriving market for phone surveillance tools, despite their illegality and the mounting evidence of security failures. Each record represents someone who paid to secretly monitor another person's digital life.
For victims of stalkerware, this breach offers little comfort. While it exposes the buyers of surveillance tools, it doesn't help people discover if their own phones are compromised. The apps remain difficult to detect, often hiding under generic system names while continuously uploading private data.
The hacktivist's motivation - targeting "apps that are used to spy on people" - represents a growing trend of activists targeting surveillance vendors. Unlike typical data breaches motivated by financial gain, these attacks aim to expose and disrupt companies profiting from illegal monitoring.
Security researchers have long warned about the dual risks of stalkerware: the privacy violations against victims and the poor security protecting sensitive data on both sides. This breach proves both points simultaneously, exposing customer payment information while highlighting the broader failure of surveillance vendors to implement basic security practices.
The industry's track record speaks for itself. Xnspy's 2022 breach exposed victim data from tens of thousands of compromised devices. Other stalkerware apps have leaked location data, private messages, and photos from people who never consented to surveillance. Now the customers themselves face exposure.
As stalkerware vendors continue operating despite legal challenges and security failures, breaches like this one serve as warnings about the risks on all sides of illegal surveillance. Whether you're planting the app or getting monitored, your data isn't safe with companies that build their business model on secrecy and exploitation.
This breach captures the surveillance industry's central contradiction: companies that profit from secretly monitoring others can't secure their own systems. Over 536,000 customers who paid to spy on spouses and partners now face exposure themselves, while the stalkerware vendors behind apps like uMobix and Xnspy continue operating despite years of security failures. For an industry built on secrecy, the constant stream of breaches reveals that nobody's data is safe - not the victims being monitored, and not the customers paying for illegal surveillance. As hacktivists increasingly target these vendors, the message is clear: if you're going to spy on people, expect to get exposed yourself.
