Joseph Cox and Lorenzo Franceschi-Bicchierai report:
This story is part of When Spies Come Home, a Motherboard series about powerful surveillance software ordinary people use to spy on their loved ones.
A website and app designed to let users monitor their children, employees, or illegally spy on their spouse inadvertently allowed anyone who was using the service to obtain information contained within other peoples’ accounts and intercept the communications of around 28,000 users, Motherboard has confirmed following a tip from a hacker.
The app, called Xnore, can be installed on Android, iPhone, and BlackBerry devices, and collects Facebook and WhatsApp messages, GPS coordinates, emails, photos, browsing histories as well as records phone calls. Customer accounts were exposed by a map feature on Xnore’s website. The flaw allowed anyone who viewed the HTML code of the page to see the mobile identifier used by Xnore to view any collected data. This identifier could then be used to add the intercepted data of someone else’s account to your own.
Read more on Motherboard.