SpyX Data Breach Exposes Personal Information of Nearly 2 Million Users

SpyX, a consumer-grade spyware operation, experienced a significant data breach in June 2024, affecting nearly 2 million users, including thousands of Apple customers. The breach exposed sensitive information such as email addresses, IP addresses, device information, and notably, plaintext Apple account usernames and passwords. Approximately 40% of the compromised email addresses were already listed on the data breach notification service Have I Been Pwned, highlighting the breach's severity. This incident marks the 25th data breach in the mobile surveillance industry since 2017, underscoring the ongoing risks posed by such spyware applications. The operators of SpyX have not publicly notified affected users or responded to inquiries regarding the breach. Troy Hunt, who oversees Have I Been Pwned, classified the breach as 'sensitive,' allowing only affected individuals to check if their data was compromised.