INFOSEC IN BRIEF Commercial spyware maker mSpy has been breached – again – and millions of purchasers can be identified from the spilled records.mSpy showed up on Have I Been Pwned on July 11, with the site revealing hacktivists were responsible for the theft of millions of Zendesk support tickets from buyers unable to use the software.mSpy is commercially marketed for applications including allowing parents and partners to spy on their family members. Available as a smartphone app, it is generally termed a "stalkerware" app."Comprising 142GB of user data and support tickets along with 176GB of more than half a million attachments, the data contained 2.4M unique email addresses, IP addresses names and photos," the mSpy entry on Have I Been Pwned reads. The site attachments included screen grabs of financial transactions, photos of credit cards and even some nude selfies.Several folks included in the breach list have been contacted and the legitimacy of their data verified, it's been reported elsewhere.mSpy was previously breached in 2015, with some 400,000 users' data published on the dark web – messages, payment details, account credentials, photos and more were dumped online. The company was breached again in 2018, resulting in several million more customer records being exposed.mSpy is not the only stalkerware company to suffer a data breach: LetMeSpy was hit so hard in 2023 it shut down, and the same fate befell pcTattletale, which closed up shop earlier this year after a similar experience.