SpyX Stalkerware Data Breach Exposed ~2M Emails, IPs, Locations, Device Info and 6-digit PINs in pwd Field; Apple iCloud Creds (Emails + Plaintext Passwords) Leaked, likely used for Cloud Monitoring.

In June 2024, spyware maker SpyX suffered a data breach that exposed almost 2M unique email addresses. The breach also exposed IP addresses, countries of residence, device information and 6-digit PINs in the password field. Further, a collection of iCloud credentials likely used to monitor targets directly via the cloud were also in the breach and contained the target’s email address and plain text Apple password.

• Breach date: 24 June 2024 Date added to HIBP: 19 March 2025
• Compromised accounts: 1,977,011
• Compromised data: Device information, Email addresses, Geographic locations, IP addresses, Passwords