Parental control spyware app Family Orbit hacked, pictures of hundreds of monitored children were exposed

The company that sells the parental control spyware app Family Orbit has been hacked, pictures of hundreds of monitored children were left online.

The company that sells the parental control spyware app Family Orbit has been hacked, the pictures of hundreds of monitored children were left online only protected by a password.

According to Motherboard that first reported the news, the Family Orbit spyware left exposed nearly 281 GB of data online. The hacker discovered the huge trove of data that was stored on an unsecured server and reported the discovery to Motherboard. The hacker found the key on the cloud servers of the spyware app.

“A company that sells spyware to parents left the pictures of hundreds of monitored children online, only protected by a password that almost anyone could find, according to a hacker.states Motherboard.

“The hacker, who’s mainly known for having hacked spyware maker Retina-X, wiping its servers (twice), said he was able to find the key to the cloud servers of Family Orbit, a company that that marketsitself as “the best parental control app to protect your kids.” The servers contained the photos intercepted by the spyware, according to the hacker. The company confirmed the breachto Motherboard.”

Experts found a Rackspace with about 3,836 containers that also included video footages.

“I had all photos uploaded from the phones of kids being monitored, and also some screenshots of the developer’s desktops which exposed passwords and other secrets,” stated the unidentified hacker.

Motherboard also verified the data breach and stated that the data belonged to active users who used those email addresses to register to the service. Motherboard assessed 6 of the email addresses and concluded that the addresses were active.

The data was protected by an easy-to-guess password only. He found the key on the cloud servers of the spyware app.

The hacker who discovered the unprotected server is the same who hacked the server of another spyware, Retina-X, two times.

The company confirmed the data breach to Motherboard, its representative told Motherboard that the API key is stored encrypted in the app, and that the company observed “unusual bandwidth” used in their cloud storage.

“We have immediately changed our API key and login credentials. The sales and the services have been taken offline until we ensure all vulnerabilities are fixed,” the representative said via email.

The incident is not isolated, companies that sell spyware are a privileged target of hackers that protest against the abuse of technology for surveillance purposes.

In the last 18 months, other eight companies that sell spyware have been hacked, they are FlexiSpy, Retina-X, TheTruthSpy, Mobistealth, Spy Master Pro, Spyfone and SpyHuman.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

FAIR USE NOTICE: Under the "fair use" act, another author may make limited use of the original author's work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material "for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright." As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner's exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.

Global InfoSec Awards 2022

We are in our 10th year, and these awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.


10th Anniversary Exclusive Top 100 CISO Conference & Innovators Showcase