Spyzie 2024 Data Breach

Spyzie Mobile Stalkerware Breach (2024): 519K Operator Email Addresses Exposed :: Part of Cocospy/Spyic Stalkerware Family | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

n/a (anonymous researcher disclosure via TechCrunch)MisconfigurationSpywareEmail Address
High SeverityWebsite / service breach

Spyzie Mobile Stalkerware Breach (2024): 519K Operator Email Addresses Exposed :: Part of Cocospy/Spyic Stalkerware Family

Mobile stalkerware platform enabling covert monitoring of target devices.

Verified by ObscureIQ Intelligence
75/100Breach Risk Index
40Data Value
25Market Recency
424dSince Breach

Breach Intelligence Summary

Entity: Spyzie · Actor: n/a (anonymous researcher disclosure via TechCrunch) · Sources: 2 references
Attack: Misconfiguration
Profile: Spyware / Stalkerware · Covert device monitoring and surveillance · Mobile spyware platform · Global
Timeline: Breach (2024-02-22) · Indexed (Feb 27, 2025) · Year (2024)
Exposure: 519K records · 1 fields: Email Address
Status: Confirmed

Executive Summary

Spyzie, a mobile stalkerware application sharing source code with sibling applications Cocospy and Spyic, suffered a data breach disclosed publicly on February 27, 2025 by TechCrunch following the previous week's disclosure of the underlying shared vulnerability across the three-platform sibling chain. The breach was enabled by a security vulnerability that allowed any party to access the email addresses of customers and the surveillance data captured on monitored devices, with the underlying flaw reported as so trivial to exploit that TechCrunch and the involved security researcher declined to publish the specific details. The researcher exploited the vulnerability to scrape Spyzie customer email addresses and provided the dataset to Have I Been Pwned, which indexed it on February 27, 2025. The breach affected approximately 518,643 unique Spyzie customer email addresses based on records indexed by Have I Been Pwned. Compromised customer fields were limited to email addresses for purposes of HIBP indexing, but the underlying vulnerability also enabled unauthorized access to captured surveillance data including messages, photos, call logs, and real-time location data from monitored devices. The earliest Spyzie iPhone surveillance records dated back to early 2020. Combined with the sibling Cocospy and Spyic disclosures, the trio breach exposed approximately 3.2 million customer email addresses across all three platforms. For surveillance targets and customers alike, the practical risk profile is exceptionally severe and varies between the two populations. For surveillance targets (the people whose devices were being monitored), the breach exposed live and historical device data captured by the spyware, with the U.S. National Domestic Violence Hotline (1-800-799-7233) and the Coalition Against Stalkerware providing resources for individuals who suspect they may have been monitored. Android users can detect Spyzie installations by entering ✱✱001✱✱ on the Android phone dialer and pressing call, which exploits a built-in backdoor feature to reveal the otherwise-hidden application; victims should establish a safety plan before removal because disabling the application may alert the person who installed it. For iPhone and iPad users, Spyzie worked by exploiting the victim's Apple Account credentials to access iCloud-stored device backups, and victims should ensure two-factor authentication on their Apple Account and review and remove unrecognized devices from their account. For customers, inclusion in the dataset confirms participation in a stalkerware operation that has now ceased operation, with potential employment, relationship, and legal consequences depending on the jurisdiction and the consent status of the surveillance target.

ObscureIQ assessment: Extremely sensitive. Exposure can reveal victims, operators, and surveillance patterns, enabling coercion, stalking, and severe privacy harm.

Breach Impact

The institutional impact on Spyzie and the FamiSoft Limited operator group was effectively terminal. The Spyzie application and the operator's broader stalkerware portfolio were taken offline, and the websites disappeared. The case has been widely cited in stalkerware-industry coverage as illustrating both the consistent pattern of operator silence following disclosure and the broader operator-portfolio approach used by stalkerware vendors to maintain multiple parallel brands sharing a single underlying codebase. The reputational impact concentrated within the broader stalkerware industry. The case has been counted by TechCrunch as among the 25 known stalkerware operations breached since 2017, alongside Cocospy and Spyic from the same operator chain.

About Spyzie

Spyzie was a mobile stalkerware application targeting both Android and iPhone devices, marketed primarily as parental-monitoring software with the tagline '100% hidden and invisible so you never get caught.' Spyzie operated as one of three near-identical sibling stalkerware applications (alongside Cocospy and Spyic) that shared substantially the same source code under different brand names. Archived records of the Spyzie website indicated that the platform was operated by FamiSoft Limited, an entity that also produced an additional youth-targeted application called Teensafe and a portfolio of related stalkerware brands including Spyier, Neatspy, Fonemonitor, Spyine, and Minspy. Spyzie claimed more than 1 million users in over 190 countries before the breach. Capabilities included covert collection of browser history, WhatsApp messages (including deleted messages), Facebook messages, call logs, and real-time device data.

Why They Hold Your Data

Spyware platforms collect customer records, target-device identifiers, monitoring settings, and exfiltrated activity data tied to covert mobile surveillance.

Recent Developments

Spyzie was taken offline in approximately May 2025 along with sibling stalkerware applications Cocospy and Spyic following the February 2025 breach disclosure. The Spyzie website disappeared, the application stopped functioning, and the FamiSoft Limited operator group's other stalkerware brands (Teensafe, Spyier, Neatspy, Fonemonitor, Spyine, Minspy) were also taken down concurrently. The case was reported by TechCrunch in late February 2025 after the original Cocospy and Spyic disclosure had already been published the previous week, with the security researcher subsequently confirming that Spyzie shared the same easily-exploitable vulnerability. The breach was indexed by Have I Been Pwned on February 27, 2025. Spyzie operators did not respond to TechCrunch requests for comment and have not publicly acknowledged the breach or shutdown.

Data Points Exposed

1 verified field types
Email Address

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:Moderate
Primary downstream threats:
  • Targeted phishing campaigns using exposed email addresses
Threat vectors:
  • Phishing, credential stuffing & account takeover

Threat Actor: n/a (anonymous researcher disclosure via TechCrunch)

n/a (anonymous researcher disclosure via TechCrunch)
Misconfiguration

Attribution and method are based on available breach intelligence. Reported attack vector: Misconfiguration.

Recommended Actions

If you believe your information may be included:

Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Find 2FA settings
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
IdentityTheft.govReport to FTC

Frequently Asked Questions

What happened in the Spyzie breach?

Spyzie, a mobile stalkerware application sharing source code with sibling applications Cocospy and Spyic, suffered a data breach disclosed publicly on February 27, 2025 by TechCrunch following the previous week's disclosure of the underlying shared vulnerability across the three-platform sibling…

What data was exposed?

Verified fields include Email Address.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
Have I Been Pwned
Record & field corroboration
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation