We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: Holiday.com, ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: Holiday.com, ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

SpyX Data Breach Impacts Nearly 2 Million

SpyX Data Breach Impacts Nearly 2 Million
Author Image Husain Parvez
Husain Parvez First published on 23rd March 2025 Cybersecurity Researcher

SpyX, a consumer-grade spyware app marketed as parental monitoring software, has suffered a major data breach affecting nearly 2 million, including thousands of Apple users. The breach occurred in June 2024 but remained unreported until now, with no notification issued to affected users. The compromised data includes email addresses, device details, IP addresses, and in some cases, Apple credentials in plain text.

Security researcher Troy Hunt, who operates the breach notification service Have I Been Pwned, confirmed receipt of the breached data in the form of two text files containing 1.97 million account records. The vast majority of the email addresses were associated with SpyX, while nearly 300,000 were linked to clone apps Msafely and SpyPhone.

One of the files referenced iCloud in its name, and contained roughly 17,000 sets of plaintext Apple account usernames and passwords. After reaching out to affected users, Hunt confirmed that the credentials were valid, prompting him to share the list with Apple ahead of the breach being made public.

Apple, in a follow-up comment to TechCrunch, stated, “Fewer than 250 iCloud users were impacted, and we immediately secured their accounts.” However, SpyX did not respond to any inquiries sent via email or its listed WhatsApp number, which was found to be inactive.

This incident marks the 25th time since 2017 that a mobile surveillance app has been breached. Google responded by removing a Chrome extension tied to SpyX and reaffirmed that its platforms “clearly prohibit malicious code, spyware and stalkerware.”

The breach follows a pattern seen across the spyware landscape — in February, we reported that the makers of another spyware app, pcTattletale, were forced to shut down entirely after hackers breached their systems.

Hunt marked the SpyX breach as “sensitive” on Have I Been Pwned, meaning only impacted users can check if they were affected. This incident once again highlights the spyware industry’s repeated failure to secure user data and the serious privacy risks it continues to pose.

About the Author

Husain Parvez is a Cybersecurity Researcher and News Writer at vpnMentor, focusing on VPN reviews, detailed how-to guides, and hands-on tutorials. Husain is also a part of the vpnMentor Cybersecurity News bulletin and loves covering the latest events in cyberspace and data privacy.

Please, comment on how to improve this article. Your feedback matters!

Leave a comment

This field must contain more than 50 characters

The field content should not exceed 1000 letters

Sorry, links are not allowed in this field!

Name should contain at least 3 letters

The field content should not exceed 80 letters

Sorry, links are not allowed in this field!

Please enter a valid email address

Accessibility menu
Content Adjustments
Adjust Font Size
100%
Color Adjustments
Tools
Accessibility Widget by Sienna