The reports of a FlexiSPY ‘hack’ have been greatly exaggerated, but first, some context.<\/p>\n
The report was broken by a blogger who \u2014 as evidenced by intercepted communication from a recovered twitter account \u2014 had a 6-week exclusive agreement with an obsessed criminal ‘hacker’ to document the scheduled\u00a0“burning to the ground” of FlexiSPY. An unidentified and clearly disgruntled ex-employee is also featured in the very first report.<\/p>\n
These intercepted communications also show that the criminal \u2014 who has gone by the Twitter handle @dontfeelsecure \u2014 also offered to provide, in his own words, “raw data”, belonging to children and employers to a German reporter.<\/p>\n
Yet, the story is unusual and almost extraordinary on many levels.<\/p>\n
From the premeditated collusion of criminal and blogger to the ad hominem and virtue-signaling justifications used by both the criminal and employee \u2014 something did not seem to add up.<\/p>\n
Which is why we have waited until we believed all the data that was promised to be leaked to the blogger was available.<\/p>\n
Assuming that we have reached that point, we can state that through examining the data that was leaked by the criminal \u2014 we find no evidence of a Customer Monitoring Data (CMD)\u00a0breach. The leaks that do exist are very old internal company documents archives, including anonymous newsletter subscriber email lists. More on these lists later on.<\/p>\n
For clarification, CMD data is collected from customer devices and is totally different to internal documents \u2014 which are kept on a completely separate physical and security domain, and are accessed by employees with authorization levels<\/p>\n
A series of stories written by the blogger then followed \u2014 including statements from FlexiSPY customers who appear to have been identified \u2014 not by the loss of CMD, but instead by the use of phishing emails sent to mailing list subscribers from entities connected to the collusion.<\/p>\n
In other words, this is a leak of internal documents, not a wholesale hack into the customer monitoring data.<\/p>\n
Like most prudent companies who need to track internal documents, we have extensive Employee Monitoring Software installed on the employee network \u2014 and from this system\u00a0 we have ascertained that an ex-employee used an unauthorized MacBook to install tools and copy files. The employee has been identified and details have been passed to the police.<\/p>\n
To our customers \u2014 your monitoring data was never at risk \u2014 and it was only company archives that were stolen as a result of insider theft by a disgruntled employee. In addition, using the evidence available and applying the Occam’s Razor principle \u2014 we believe that the ex-employee and the hacker are one and the same.<\/p>\n
However, we are far from complacent, and we want to assure our customers that this incident has energized us to look at our internal security. We have improved our systems \u2014 adding multiple subnet isolation, implementing across the board two-factor authentication and deploying employee monitoring integrated biometric authentication for all applications and websites \u2014 as well as an ongoing bug bounty program open to white hat hackers.<\/p>\n
As hundreds of companies from Apple to Citibank and Netflix who have actually been hacked will testify \u2014 the Internet is a jungle and breaches are a not a matter of if, but when. Experts and victims alike will tell you that while the majority of cyber-attacks are from outside \u2014 it\u2019s the insider threat that causes the most damage.<\/p>\n
This should be a wake-up call for all businesses who hold customer data but feel that insider theft is not a likely scenario for them.<\/p>\n
To discourage future criminals \u2014 we are announcing a $50,000 USD reward for information that results in the conviction of the criminal. If you have any verifiable evidence as to the identity of the hacker, and proof of his actions, please get in touch and help us bring him to justice.<\/p>\n
While the criminal may be entitled to his own opinions, he is not entitled to his own facts \u2014 and it is a fact that FlexiSPY products are legal. He is certainly not entitled to break the law, potentially placing the lives of Parents, Children, Employers and Employees in danger, simply to settle an imaginary score.<\/p>\n
Which brings us to this blogger and his narrative of a shadowy company enabling domestic violence being brought to justice by a noble cyber vigilante. This narrative \u2014 formed by blending historical FlexiSPY marketing, clickbait headlines, mock outrage, anonymous sources, slurs, and insinuations \u2014 designed to transform a niche interest story of insider theft, into a piece of pulp fiction.<\/p>\n
To be fair, the perennial question of our historical advertising is the only thing the media enquiries we receive seem to care about \u2014 and we give the same reply.<\/p>\n
We are against domestic violence, stalking or any other nefarious use and the majority of our users subscribe for legitimate reasons. Like any tool, FlexiSPY can be misused, and in those cases, like Google and Apple, we have worked with law enforcement to assist them with their inquiries, as long as they have the appropriate legal justification.<\/p>\n
We have never denied our historical website advertising \u2014 which addressed issues of genuine concern to large conservative and Christian groups that prohibit infidelity \u2014 but the fact is that this advertising was dropped a long time ago and no longer exists.<\/p>\n
However, the current reality of our products and marketing do not suit the blogger’s needs. They continue to frame stories with this fake narrative and are now relegated to relying on old screen grabs, google caches and vestigial pages to justify their positions.<\/p>\n
What these people do is their business, but it is our silence that has allowed their falsehoods to go unchecked.<\/p>\n
We therefore challenge anyone throwing around accusations, or indulging in name calling \u2014 if you truly believe we’re doing something illegal, then provide us with a factual legal argument from a competent authority, or STFU.<\/p>\n","protected":false},"excerpt":{"rendered":"
The reports of a FlexiSPY ‘hack’ have been greatly exaggerated, but first, some context. The report was broken by a blogger who \u2014 as evidenced by intercepted communication from a recovered twitter account \u2014 had a 6-week exclusive agreement with an obsessed criminal ‘hacker’ to document the scheduled\u00a0“burning to the ground” of FlexiSPY. An unidentified […]<\/p>\n","protected":false},"author":21,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[129],"tags":[],"class_list":["post-15179","post","type-post","status-publish","format-standard","hentry","category-latest-news"],"_links":{"self":[{"href":"https:\/\/blog.flexispy.com\/it\/wp-json\/wp\/v2\/posts\/15179","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.flexispy.com\/it\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.flexispy.com\/it\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.flexispy.com\/it\/wp-json\/wp\/v2\/users\/21"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.flexispy.com\/it\/wp-json\/wp\/v2\/comments?post=15179"}],"version-history":[{"count":20,"href":"https:\/\/blog.flexispy.com\/it\/wp-json\/wp\/v2\/posts\/15179\/revisions"}],"predecessor-version":[{"id":15199,"href":"https:\/\/blog.flexispy.com\/it\/wp-json\/wp\/v2\/posts\/15179\/revisions\/15199"}],"wp:attachment":[{"href":"https:\/\/blog.flexispy.com\/it\/wp-json\/wp\/v2\/media?parent=15179"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.flexispy.com\/it\/wp-json\/wp\/v2\/categories?post=15179"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.flexispy.com\/it\/wp-json\/wp\/v2\/tags?post=15179"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}