Spytech, a Minnesota-based developer of remote-monitoring software publicly classified by researchers as stalkerware, suffered a data breach disclosed by TechCrunch on July 25, 2024. A source provided cybersecurity reporters with files taken from Spytech's servers, including device activity logs from the phones, tablets, and computers monitored through the company's products, with some records dated as recently as June 2024. TechCrunch verified the data as authentic by cross-checking activity logs corresponding to the company's chief executive, Nathan Polencheck, who had installed the spyware on one of his own devices.\n\nThe leaked dataset spans both layers of the company's platform. The first layer covers customer purchaser accounts, with the published dataset focusing on approximately 5,600 records of usernames, email addresses, names, passwords, purchase histories, browsing histories, and device information. The second layer covers data harvested by Spytech's products from monitored devices, including activity logs from more than 10,000 devices going back to 2013 across Windows, macOS, Android, and Chromebook platforms. Activity logs were stored unencrypted and included keystroke captures, browsing histories, application usage, screenshots, and precise geolocation data for Android devices.\n\nThe risk profile mirrors the dual-victim pattern of stalkerware compromises generally. Purchaser accounts can be linked to specific individuals who installed the apps on others' devices. Surveillance targets, often domestic-violence victims and others on whose phones the apps had been planted without consent, had communications, location, and browsing patterns made accessible. Anyone who suspects their device may have run Spytech apps should consult domestic-violence advocates and law enforcement before taking action, since abrupt removal can alert an abuser. The Coalition Against Stalkerware and the National Domestic Violence Hotline (1-800-799-7233) provide resources for those at risk.

Monitoring-software vendors collect customer identity, billing records, license data, support interactions, and product-linked records tied to surveillance and tracking tools.

Spytech remained operational following the July 2024 disclosure but did not publicly characterize the incident in detail. CEO Nathan Polencheck told reporters at the time that he was investigating and would take appropriate action; the company did not commit to notifying purchasers, surveillance targets, or U.S. authorities. The Spytech breach is one in a string of stalkerware-vendor compromises through 2024 and 2025, including pcTattletale, mSpy, TheTruthSpy, WebDetetive, and others. Federal Trade Commission and state attorney-general scrutiny of the broader stalkerware industry has continued to intensify, building on the 2019 Retina-X precedent and subsequent cases.