TL;DR: A hacktivist going by "wikkid" scraped 536,000 payment records from the company behind stalkerware apps uMobix, Geofinder, Peekviewer, and Xnspy. The data (customer emails, apps purchased, amounts paid, and partial credit card numbers) is now posted on a hacking forum. The company, Struktura, is a Ukrainian outfit that also operates under the name Ersten Group. This is the 27th known stalkerware company to be hacked since 2017. The surveillance industry can't even protect its own customers, let alone the people those customers are spying on.

What Happened

On February 9, 2026, TechCrunch reported that a hacktivist had scraped more than half a million payment records from Struktura, the company behind several consumer-grade phone surveillance apps [1].

The hacktivist, who uses the alias "wikkid," told TechCrunch they found a "trivial" bug on the company's website. That's all it took. One vulnerability, and 536,000 lines of customer data were pulled out and posted on a known hacking forum [1][2].

The leaked records include:

  • Customer email addresses
  • Which surveillance app they purchased
  • How much they paid
  • Whether they used Visa or Mastercard
  • The last four digits of their payment card

TechCrunch verified the data by matching invoice numbers against live accounts and testing password reset portals with exposed email addresses [2].

The Apps

The breached records cover purchases of at least four surveillance products:

  • uMobix: A full phone surveillance app. Once installed, it monitors calls, texts, social media, GPS location, dating apps, and browsing history. On Android, it can remotely activate the microphone to listen to surroundings in real time. It runs in stealth mode and doesn't show up in system files or running processes [3].
  • Geofinder: A phone location tracking service.
  • Peekviewer (formerly Glassagram): Claims to let users view private Instagram accounts without following them.
  • Xnspy: Another phone surveillance app with a history of security problems. Researchers previously found that Xnspy's developers left credentials and private keys embedded in the app's code, meaning anyone could access victims' data [4].

These apps market themselves as "parental control" or "employee monitoring" tools. But the stalkerware industry exists because people use these products to secretly track romantic partners, exes, and family members without consent. That's why hacktivist groups keep targeting them.

Ersten Group, Struktura, or Both

This is where it gets messy. The hacking forum listing names the surveillance vendor as "Ersten Group," which presents itself as a U.K.-based software development startup. But TechCrunch found that several email addresses in the leaked dataset, used for testing and customer support, reference Struktura, a Ukrainian company with a website identical to Ersten Group's [1].

Same product. Same infrastructure. Different name, different country. This kind of shell game is standard in the stalkerware industry, where operators routinely rebrand to dodge regulatory scrutiny and negative press.

Neither Ersten Group nor Struktura responded to TechCrunch's requests for comment [1].

27 and Counting

This isn't an isolated incident. According to TechCrunch's running count, at least 27 stalkerware companies have been hacked or had data leaked since 2017 [4]. Some of the biggest:

  • SpyX (June 2024): Close to 2 million accounts exposed, including thousands of Apple iCloud credentials. The company never notified customers or victims [5].
  • mSpy (May 2024): Attackers stole millions of customer support tickets going back to 2014, a decade of personal data, emails, and document attachments [6].
  • Cocospy, Spyic, Spyzie (2025): Exposed messages, photos, call logs, and personal data of millions of surveillance victims [4].
  • Spytech (2024): Activity logs from phones, tablets, and computers monitored with its spyware were leaked [4].

The pattern is consistent: companies that sell the ability to secretly monitor other people's devices have atrocious security practices for their own systems. The data of both the spies and the spied-upon ends up exposed.

Who Gets Hurt

Two groups of people are affected by every stalkerware breach, and their risks are very different.

The customers (the people who bought surveillance apps): Their email addresses and partial payment data are now public. In most cases, buying stalkerware to secretly monitor another adult is illegal: it violates wiretapping, computer fraud, and domestic violence statutes in most U.S. states and many countries. Getting identified in a leak like this could have legal, professional, and personal consequences.

The victims (the people being surveilled): This breach didn't directly expose victim data, but previous stalkerware breaches have. SpyX leaked iCloud credentials. Cocospy and Spyic leaked messages and photos from monitored devices. Every one of these companies stores surveillance data on their servers, and every one of them is a breach waiting to happen.

If someone installed stalkerware on your phone, the company watching you just got hacked. Your private messages, location history, and photos may be sitting on a server with a "trivial" bug in the front door.

What You Can Do

Check for Stalkerware on Your Phone

Android: Go to Settings > Apps > look for apps you don't recognize with broad permissions (camera, microphone, location, accessibility). Stalkerware often hides under generic names like "System Service" or "Phone Health." Check Settings > Security > Device Admin Apps for unknown entries.

iPhone: Check for unfamiliar MDM profiles under Settings > General > VPN & Device Management. Check if someone has access to your iCloud by reviewing Settings > [Your Name] > Devices.

Use a Stalkerware Detection Tool

The Coalition Against Stalkerware recommends tools like Lookout or Malwarebytes for Android devices. These can detect known stalkerware signatures.

If You're in an Abusive Situation

Removing stalkerware from your phone may alert the person who installed it. If you're in a domestic violence situation, contact the National Domestic Violence Hotline (1-800-799-7233) before taking action. They have trained tech safety advocates.

Lock Down Your Accounts

Change your iCloud and Google passwords. Enable two-factor authentication everywhere. Check which devices are signed in to your accounts and remove anything you don't recognize.

The Industry That Can't Protect Itself

Twenty-seven breaches in eight years. That's the stalkerware industry's track record. These companies ask customers to trust them with the most intimate data imaginable (texts, photos, location data, microphone recordings) from devices belonging to people who never consented to being monitored.

And they can't even keep a website from being scraped.

The "wikkid" hacktivist told TechCrunch they target apps "used for spying on people" [1]. This is part of a growing trend of hacktivists going after surveillance companies specifically: a digital version of watching the watchers.

But the deeper problem is that the stalkerware business model is broken at every level. The companies operate through shell corporations across jurisdictions to dodge accountability. The apps market as "parental monitoring" to stay in app stores. The data they collect sits on poorly secured servers. And when the inevitable breach happens, the victims (the people whose phones were tapped) are the last to know.

References

  1. TechCrunch - Hacktivist scrapes over 500,000 stalkerware customers' payment records (February 9, 2026)
  2. TechNadu - Stalkerware data breach: Hacktivist leaks over 530,000 customer records (February 10, 2026)
  3. Cybernews - uMobix review: A monitoring tool or a parental control app? (2026)
  4. TechCrunch - Hacked, leaked, exposed: Why you should never use stalkerware apps (February 9, 2026)
  5. TechCrunch - Data breach at stalkerware SpyX affects close to 2 million, including thousands of Apple users (March 19, 2025)
  6. Malwarebytes - Dangerous monitoring tool mSpy suffers data breach, exposes customer details (July 2024)