It's normal for parents to worry about what their young children and teens are doing online, as horror stories about cyber bullying, children being preyed on by sexual predators, and even excessive online shopping are all too common in the news.
Therefore, it's natural that many parents out there have been attracted to products such as mSpy, a software program that can "spy" on the online activity of your children—or even, according to some reports, your significant other or spouse. The program can track which websites have been visited, any monetary transactions, chats or text messages, emails and more, including location data such as where you have been.
If you're wondering whether or not such a program can expose one to identity theft or the breach of their personal information—well, many experts will say, you're right to be worried.
Around mid-May, news reports of a possible data breach of mSpy's systems began to circulate.
The cyber security news site Krebs on Security reported that a massive data breach had taken place recently, and the personal Internet activity of roughly 400,000 mSpy users had been posted to the "Deep Web" through a "Tor-based" website. Tor is a technology that helps users hide their true Internet address and allows users to host websites that are extremely difficult to get taken down, according to Brian Krebs.
Krebs reported that a screenshot of the Tor-based web page on the Deep Web had been sent to them, indicating that data from around 400,000 users was being hosted on the site, including countless emails, text messages, payment information, and location data for the users.
BBC World News also reported the alleged data breach, but interviewed mSpy representatives who claimed the company was the victim of a "predatory attack." A representative reportedly told BBC News that a message had been sent to the company claiming that the data had been accessed, and declaring that if they were not paid a ransom, the users' data would be posted online.
The mSpy representative told BBC News the company had refused to pay the ransom, but also insisted the data had not actually been accessed. The employee also insisted that mSpy's security was top-notch, and that it was doubtful that it could be breached at all, as well as pointing out that the mSpy program does not collect as much personal data for its users as the blackmailers claimed.
In response to mSpy's denial, Krebs said that it had worked with a "skilled and trusted researcher," and had actually downloaded all of the breached data from the Tor-based website, and cross-referenced it, leading them to say they were "confident" that all of the data was that of mSpy's users.
All of this begs the question—does spy software such as mSpy and other similar programs put your personal information at risk?
Many security experts say, yes—especially spyware programs that can be "remotely installed," meaning the person doesn't even need physical access to a device in order to install the spyware on it.
"While there are certainly legitimate uses for monitoring software, we find it hard to believe there is any legitimate scenario where a parent or employer would need to use remote installation to install a monitoring program," says the team at FaceTime Security Labs. "Make no mistake—spyware can certainly be used to illegally obtain your personal information."
The experts at WebRoot explain that some spyware can even record your keystrokes, enabling the installer to obtain your passwords and collect other personal information, which can allow them to commit credit card fraud and online identity theft in your name, or even to sell your personal information to other thieves.
"Spyware is often at the root of this malicious activity," the team at WebRoot says.
WebRoot has these tips for how to prevent yourself from becoming a victim to online identity theft or spyware:
Use antivirus protection, antispyware software, and a firewall. Installing such programs on your computers or other devices can often effectively thwart any spyware, malware or hackers trying to access your electronics.
Practice safe email protocol. Don't open any emails from unknown senders. Immediately delete (without first opening) any emails you suspect to be spam. Only download software from sites you trust—carefully evaluate free software and file-sharing applications before downloading them.
Update your software regularly to get the latest security patches. Yes, it can be very inconvenient when that little pop-op screen interrupts your work session or Web surfing to tell you there are software updates available for your computer, but that you have to close all open applications in order to install them—just remember, these software updates often include security patches that can help save you from spyware, hackers and potential identity thieves. So, you should always take the time to run the update.
Use public computers with extreme caution. Nowadays, most people have smartphones, so it's not as common as it once was, but still, it bears saying—don't use public computers to log on to email or make online purchases unless absolutely necessary. Due to their nature, most public computers at Internet cafes, public libraries, schools and the like have most of their firewalls and security software disabled to allow hundreds of different people to access any sites they need.
Consider investing in top-of-the-line antispyware protection. As the experts at WebRoot say, "While free antispyware downloads are available, they just can't keep up with the continuous onslaught of new spyware strains. Previously undetected forms of spyware can often do the most damage to your [computer], so it's critical to have up-to-the-minute, guaranteed online identity theft protection. A good antispyware program searches every place on your [computer] where spyware can hide, and removes every trace to boost your [computer's] performance."