It’s been less than a year since a public-spirited hacker broke into the servers of Florida stalkerware vendor Retina-X, wiping out all the photos and data the company’s customers had stolen from other peoples’ phones (including their kids’ phones) by installing the spying apps Phonesheriff on them.
Now, it’s happened again.
A hacker who uses the handle Precise Buffalo on a Mastadon server says they wiped a terabyte of data from Retina-X’s servers. Retina-X, who eventually admitted that they’d lied when they denied last year’s attack, have denied that an attack took place this year. Precise Buffalo presented compelling evidence to Motherboard that they had indeed taken over Retina-X’s servers (again).
Last year’s breach was possible because Retina-X distributed the necessary keys to download all its customers’ data with every copy of its app, meaning that parents who used the app to spy on their children also exposed their children to surveillance by everyone in the world.
“None of this should be online at all,” the hacker told Motherboard, claiming that he had deleted a total of 1 terabyte of data.“Aside from the technical flaws, I really find this category of software disturbing. In the US, it’s mainly targeted to parents,” the hacker said, explaining his motivations for going after Retina-X. “Edward Snowden has said that privacy is what gives you the ability to share with the world who you are on your own terms, and to protect for yourself the parts of you that you’re still experimenting with. I don’t want to live in a world where younger generations grow up without that right.”
A Hacker Has Wiped a Spyware Company’s Servers—Again [Lorenzo Franceschi-Bicchierai/Motherboard]