[BreachExchange] A Week Later, Hacked Spyware Vendors Haven't Warned Their 130,000 Customers

Audrey McNeil audrey at riskbasedsecurity.com
Thu Apr 27 19:28:43 EDT 2017


https://motherboard.vice.com/en_us/article/a-week-later-hacked-spyware-vendors-havent-warned-their-130000-customers

Tens of thousands of people are in the dark.

Motherboard recently reported hackers had targeted two companies that sell
spyware to the everyday consumer—Retina-X and FlexiSpy. Hackers made off
with a mix of over 130,000 customer records, as well as company documents
and even text messages and photos captured by Retina-X's malware.

A week later, and affected customers say neither company has informed them
about the data breaches, with one company allegedly telling staff to lie to
victims who inquired about the hack.

Ten FlexiSpy and Retina-X customers told Motherboard via email that they
had not received any notifications about the hacks.

"Your email is the first I've heard of this," one Retina-X customer said.

"No, PhoneSheriff [one of Retina-X's products] has not told me anything
about it," said another.

One person was even a customer of both Retina-X and FlexiSpy.

"I haven't received any notification or communication from either company
about their data breaches or the fact that my details were compromised,"
the customer said.

Both companies sell malware marketed to monitor children or employees, and
in FlexiSpy's case, to spy on spouses. However, consumer malware has
repeatedly appeared in cases of domestic violence.

At least in Retina-X's case, the lack of customer outreach doesn't appear
to be down to incompetence. An alleged email obtained by Motherboard seems
to show a Retina-X employee telling staff not to inform customers about the
hack, even when specifically asked for details.

"If any visitor asks if we have been hacked, then let them know this: Our
server was not wiped because of a hack. We had a corrupted OS due to a hard
disk failure. The drive had to be reformatted and reloaded for the server.
Everything is running fine," the employee, called Arun, writes. Motherboard
verified that the mail server mentioned in the email's headers was accurate.

A Retina-X customer support representative gave that exact same response
during a live chat, according to someone who posed as a customer and asked
about the hack.

"Please make sure you all are aware of the appropriate response. The
response is only for those who specifically mention a 'hack' or 'data
breach'. A simple mention of downtime or inability to login should NOT
receive this response. Please make sure that the response is not sent to
someone who did not specifically mention the word 'hack' or 'data breach',"
the email continues.

When a hacker wiped Retina-X's servers in around February, Retina-X posted
a warning to customers, claiming that the company had suffered a hardware
failure.

Neither Retina-X nor FlexiSpy responded to a request for comment on Tuesday.