Retina-X 2017 Data Breach

Retina-X Stalkerware Provider Breach (2017): 71K Operator Accounts Including Passwords Exposed | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

Anonymous hacker (specifically targeted Retina-X for stalkerware product use) · Misconfiguration · Spyware · Email Address · Password
Moderate Severity · Website / service breach

Monitoring and spyware software company

Verified by ObscureIQ Intelligence
Breach Risk Index: 54/100
Data Value: 40
Market Recency: 10
Since Breach: 3284d

Breach Intelligence Summary

Entity: Retina-X · Actor: Anonymous hacker (specifically targeted Retina-X for stalkerware product use) · Sources: 2 references
Attack: Misconfiguration
Profile: Spyware / Stalkerware · Covert device monitoring and surveillance · Mobile spyware platform · Global
Timeline: Breach (2017-02-23) · Indexed (Apr 30, 2017) · Year (2017)
Exposure: 71K records · 2 fields: Email Address, Password
Status: Confirmed

Executive Summary

Retina-X Studios, a Florida-based developer of mobile device monitoring applications later classified by the Federal Trade Commission as stalkerware, was breached in February 2017. The hacker, who told reporters they had targeted Retina-X specifically because of how the company's products were being used, gained access to Retina-X's cloud storage by extracting unencrypted credentials from the TeenShield Android application package. The attacker accessed customer accounts and the surveillance data Retina-X's products had collected, deleted material from company servers, and was the subject of a Motherboard investigation that publicly disclosed the incident in April 2017.

The exposed dataset is best understood in two layers. The first layer covers approximately 71,000 customer email addresses paired with passwords stored as unsalted MD5 hashes, representing the operator accounts of people who had purchased the surveillance apps. The second layer covers data the stalkerware itself had harvested from monitored devices, including GPS locations, text messages, photos, contacts, login credentials, and screenshots of activity captured from the phones being spied on. A second hack in 2018 followed the same pattern.

The risk profile is distinct from a typical breach because the people whose data was most severely exposed are not the ones who held accounts. Surveillance targets, including domestic-violence victims and others on whose phones the apps had been installed without their knowledge, had highly intimate communications and location data made accessible. The Federal Trade Commission settled an enforcement case against Retina-X and its owner James N. Johns Jr. in October 2019, the agency's first stalkerware action, banning the company from selling its products unless safeguards against covert use were implemented.

Anyone who suspects their device may have run Retina-X apps should consult domestic-violence advocates and law enforcement before taking action, since abrupt removal can alert an abuser.

ObscureIQ assessment: Dual-layer risk. Operator exposure enables account takeover and identification of surveillance actors. More critically, platform compromise may expose monitored individuals, creating severe privacy violations, blackmail risk, and real-world safety concerns.

Breach Impact

The institutional impact of the Retina-X breaches was severe and effectively terminal. The 2017 and 2018 attacks exposed both the company's customer base and the surveillance data its products had collected, which contradicted explicit privacy promises in its marketing materials. The hacker behind both incidents wiped Retina-X servers and made public statements expressing solidarity with the surveillance targets the apps had been used to spy on. The Federal Trade Commission cited the breaches as central evidence of the company's failure to secure data and brought the first U.S. stalkerware enforcement action. Retina-X stopped selling its products in April 2018 and accepted permanent restrictions on its business.

About Retina-X

Retina-X Studios LLC was a Florida-based developer of mobile device monitoring applications, marketed as parental and employee surveillance tools. The company sold three principal products: MobileSpy, PhoneSheriff, and TeenShield, all designed to run covertly in the background of an installed mobile device while transmitting the device's text messages, GPS locations, photos, contacts, browser history, and call records to an operator-controlled dashboard. The Federal Trade Commission and digital-rights researchers ultimately classified Retina-X products as stalkerware, citing the apps' covert installation, removal of icons from device screens, and design suitability for use without the monitored individual's knowledge.

Why They Hold Your Data

Retina-X handles operator account data, including credentials and account management details, as well as indirect access pathways to monitored device data such as communications, location, and activity logs.

Recent Developments

The Federal Trade Commission filed and settled a complaint against Retina-X and its owner James N. Johns Jr. in October 2019, marking the agency's first enforcement action against a stalkerware vendor. Retina-X was barred from selling its monitoring apps unless purchasers attest the products will be used for legitimate purposes, and the company was required to design installation flows that maintain device security. By the time of the settlement, Retina-X had already announced an indefinite shutdown following a second hack in 2018. The Retina-X case has since become a reference point in regulatory and advocacy work targeting the broader stalkerware industry.

Data Points Exposed

2 verified field types
Email Address
Password (Critical)

Exploitation & Downstream Threats

Threat Activity: Moderate
Primary downstream threats:
  • Credential stuffing against reused passwords across other platforms
  • Targeted phishing campaigns using exposed email addresses
Threat vectors:
  • Phishing, credential stuffing & account takeover
  • Credential stuffing & account takeover

Threat Actor: Anonymous hacker (specifically targeted Retina-X for stalkerware product use)

Attribution and method are based on available breach intelligence. Reported attack vector: Misconfiguration.

Recommended Actions

If you believe your information may be included:

Change Reused Passwords
Update this account and anywhere you reused the password; use a manager.
Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.

Frequently Asked Questions

What happened in the Retina-X breach?

Retina-X Studios, a Florida-based developer of mobile device monitoring applications later classified by the Federal Trade Commission as stalkerware, was breached in February 2017. The hacker, who told reporters they had targeted Retina-X specifically because of how the company's products were…

What data was exposed?

Verified fields include Email Address, Password.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

  • Breach Index: Have I Been Pwned (record & field corroboration)
  • ObscureIQ Intelligence: ObscureIQ proprietary analysis (Risk Index scoring & downstream-threat assessment)
