More than half a million Android devices and several thousand iOS devices have been compromised due to a critical vulnerability in the spyware application Spyzie, designed for covert surveillance. A cybersecurity researcher, who shared the findings with TechCrunch, revealed that many affected users are likely unaware that their personal data—including messages, photos, and geolocation—has been exposed.
Spyzie suffers from the same security flaw that previously plagued Cocospy and Spyic, both of which were heavily criticized for leaking data from over two million users. The vulnerability enables unauthorized attackers to access information collected by these applications—despite their intended use as a one-person monitoring tool—as well as the email addresses of individuals using Spyzie for surveillance.
The researcher provided TechCrunch with a database containing 518,643 unique email addresses of Spyzie customers. This information was also shared with Troy Hunt, the creator of Have I Been Pwned, a platform that tracks data breaches.
Like other spyware applications, Spyzie remains hidden on targeted devices, making it difficult to detect. The majority of victims are Android users whose devices were accessed physically, often in the context of abusive relationships. For iPhones and iPads, Spyzie exploits iCloud data, gaining access through victims’ Apple ID credentials.
The Spyzie data breach marks the 24th instance since 2017 in which spyware applications have been compromised due to weak security measures. The operators of Spyzie have yet to comment on the situation, and the vulnerability remains unpatched.
To check for Spyzie on an Android device, users can dial 001 in the phone app—if the spyware is installed, it will appear on the screen. iPhone and iPad users are advised to enable two-factor authentication and review the list of devices linked to their Apple ID.
The incidents involving Spyzie, Cocospy, and Spyic serve as a stark reminder: even if suspicions arise about a partner’s fidelity, resorting to spyware is never the answer. A single vulnerability can expose a loved one’s private data not just to you, but to the entire internet.
Rather than jeopardizing the privacy of someone you care about, addressing concerns through open and honest communication is always the wiser path. Covert surveillance not only violates personal boundaries but also introduces security risks that can never be undone.
