FYI.

This story is over 5 years old.

Tech

Stalkerware Company FlexiSpy Calls Catastrophic Hack ‘Just Some False News'

In the aftermath of a damaging hack, the company is keeping it quiet.
Image: Borysevych.com/Shutterstock

This story is part of When Spies Come Home, a Motherboard series about powerful surveillance software ordinary people use to spy on their loved ones.


A company that has made a name for itself for marketing creepy surveillance software to jealous lovers—and was just badly hacked—is pretending nothing's happened.

This week, Motherboard revealed that two hackers had broken into two different companies that sell powerful cellphone surveillance technologies to thousands of ordinary people, such as lawyers, teachers, construction workers, parents, and jealous lovers. The hackers stole customers' data, including pictures of surveillance victims, records of the people who were spying on them, as well as some of the internal files of the two companies, FlexiSpy and Retina-X.

Advertisement

"It's just some false news."

At the end of their intrusions, the hackers tried to damage the two companies' operations by deleting data from its servers. On Monday, Leopard Boy, the hacker who hit FlexiSpy, said that with the help of another individual, he wiped several of FlexiSpy's servers and overwrote data on them, theoretically making it harder for the company to resume normal operations.

Read more: 'I'm Going to Burn Them to the Ground': Hackers Explain Why They Hit the Stalkerware Market

His claims seemed to be confirmed by the fact that several customers complained on social media that their FlexiSpy accounts weren't working anymore. One user asked: "When will you be back to normal?"

"I've spent two days trying to get in and I can't. Does anyone know why?" asked another.

FlexiSpy, however, blamed it all on "a temporary technical issue." And other than that vague statement, posted to the company's Facebook page, the company isn't talking.

Motherboard sent multiple emails to several of the company's email addresses. We also tried calling a number listed as belonging to FlexiSpy's founder, Atir Raihan; the person on the other end identified as Atir before claiming otherwise. A call to the company's 24/7 support number was answered by a pre-recorded message saying the company currently couldn't handle calls. At one point, when Motherboard requested FlexiSpy's statement on the breach, a staffer asked us to submit a customer support ticket. The page for creating tickets was offline.

Advertisement

But in an online chat through FlexiSpy's official website, a customer support representative said that they "we're just having some maintenance and upgrade."

"I heard you were hacked?" I asked, without saying I was a journalist. "Is it true?"

"Ohh. Absolutely not :D," said the representative. "It's just some false news."

When I asked for more details, the rep asked me to send an email. In another chat, when I introduced myself as a reporter, another representative immediately said he had no "detailed information" about the hack, and told me to email another address.

"We're no match for you, the world's most powerful and elegant spyware company."

When I told Leopard Boy about the company's claims, the hacker seemed amused.

"You are 100% right, expired Citibank card number [REDACTED], security code [REDACTED], Skype username [REDACTED], signature like an inebriated five year old. We're no match for you, the world's most powerful and elegant spyware company," the hacker said in an online chat. "No hacks occurred at all."

The company's Twitter account, on the other hand, has been totally silent, except for an answer to a potential customer who wanted to know if FlexiSpy was available in Brazil.

"Yes! Please visit our website for info," the company replied.

Despite the hack, it appears to be business as usual for FlexiSpy.

Joseph Cox contributed reporting.

Motherboard is nominated for three Webby Awards for Best Science YouTube Channel, Best Drama, Best Tech/Science Podcast. Please vote for us!