The FTC has banned US surveillance company Spyfone from engaging in surveillance practices. The company was removed from the list of authorized companies because it shared its customers’ location with third parties and had negligent security.
Spyfone sells surveillance software to parents and employers, but the company sold their collected data to third parties, according to the FTC. According to the FTC, this allowed stalkers and abusers to secretly track targets who then become potential victims of violence. The FTC also stated that Spyfone has a lack of security that allowed hackers, thieves and cybercriminals to easily access the collected data. Not only has the company been removed from the list of authorized companies, CEO Scott Zuckerman is also no longer allowed to engage in surveillance practices.
In 2018, the company made headlines after a researcher discovered that the company had stored the collected data unprotected on the net. That data included photos, messages, audio recordings, contact details, location data, passwords,… from thousands of people. According to the researcher, no password was needed to get into the backend of Spyfone and the api was not secured either. After this data breach, Spyfone suggested it would put its security in order. The FTC says the company has not kept its promise.