A hacktivist scraped over 500,000 payment records from a company selling "stalkerware" apps, which are used for covert phone surveillance. The data leak exposed customer email addresses, the apps they purchased, payment amounts, card types, and the last four digits of their cards. Notably, this includes transactions for apps like Geofinder, uMobix, and Peekviewer, which allow users to monitor private information from targets' phones. The vendor behind these apps is Struktura, a Ukrainian company. The hacktivist, known as "wikkid," exploited a vulnerability on Struktura’s website to access this data. They published the records on a hacking forum, highlighting the risks associated with using stalkerware, which has repeatedly suffered from security failures. Apps like uMobix and Xnspy facilitate spying on partners, often illegally, by collecting sensitive data such as call logs, texts, and location information from the victim’s device. In 2022, Xnspy had already exposed data from thousands of users, raising concerns about the cybersecurity practices of these surveillance vendors. TechCrunch verified the authenticity of the leaked data by matching transaction records with the vendor's checkout pages, confirming the legitimacy of several accounts linked to disposable email addresses. The earliest record in the dataset even listed the email of Struktura's CEO, Viktoriia Zosim, associated with a $1 transaction, suggesting a direct connection between the company and the leaked information. Despite attempts to reach representatives from both Struktura and Ersten Group, the vendor's U.K. alias, no comments were received.