Retina-X Studios Server Breached by Hackers
We must share some bad news that recently came to our attention. While we were under the impression that a hardware failure had occurred on one of our servers, several products of Retina-X Studios fell victim to a data breach at the end of February 2017.
The attacker did not notify us of his activities and instead chose to wipe any data that he was able to force access to. He recently notified a journalist to write about the event. The attack was fairly sophisticated and was reportedly conducted by an individual who is wanted in the jurisdictions of several countries for his conduct relating to technological exploits.
We do not yet have all of the facts about what may or may not have occurred in this unsanctioned and unauthorized breach which resulted in data loss. However, the server has already been replaced. Fortunately, we also took the opportunity that came with provisioning a new server to strengthen security. We have now taken steps to prevent this sort of thing from happening again.
How it Happened and What Was Taken
A hacker known for SQL exploits of great magnitude was able to find a weakness in a decompiled and decrypted version of a now-discontinued product. The vulnerability hidden inside the coded software led to a breach of the database and the eventual exploit by unauthorized individuals.
According to the report, the attacker was able to break into a server that held database tables for Net Orbit, PhoneSheriff and TeenShield. The tables held information such as login usernames, subscription keys, device metadata, text messages, GPS locations, contacts’ information, apps installed and website logs. A third-party photo storage account was also breached. Only accounts created before February 21st, 2017 were affected.
It is important to note that absolutely no payment information was compromised in the breach. Information provided upon purchase is kept with the payment processor and credit card information is not kept by nor made available to Retina-X Studios. Users’ passwords were encrypted but it is strongly recommended to update any passwords that may have been compromised.
How the Data Was Handled
The attackers appear to have handled the stolen data in a mostly responsible way with respect to the gravity of what they have done. As far as we can see at this time, any stolen data has either been destroyed or secured in such a way that would be responsible with due respect towards everyone’s privacy. We have taken steps to distinguish ourselves from bad actors which may have contributed to the leniency that the attackers have provided us compared to their other victims.
However, we have received words which convey that one of the authors of the news article has a list of emails and has contacted several customers regarding the article they wrote. We have not been in contact with the attacker and have not authorized or condoned any data breach or granted access to customer information to a third party.
Why it Happened
Allegedly, the person who breached the security has been involved in other exploits concerning surveillance technology. His motivations were that since he disagrees with a concept or idea then he will take it upon himself to wreak havoc upon those involved with the activity. Recent news suggests that the hacker is going after malware and spyware manufacturers who claim to be in the monitoring software industry but who provide no protections against misuse.
While the intention might be considered worthy of applause by some, those of us who have used Retina-X Studios products know that our products are not spyware. Our child and employee monitoring software shows up as an icon and in the Installed Apps list on devices. There are also notifications to let the user of the device know that activities are being monitored.
Our apps are password-protected and we do not condone improper use of our software or services. We who are legitimately in the monitoring software industry are dismayed that Retina-X Studios, LLC was targeted in the attack. We at Retina-X Studios, LLC are crestfallen and troubled with the stance and the actions taken by both the attacker and the journalists seeking to antagonize the situation.
Parents and Employers Have a Legal Right
As stated on our websites, our software can only be used to monitor your underage child or your employee if they are using a company smartphone that is owned by you with appropriate consent and foreknowledge from the employee. The software cannot be used to monitor individuals (such as a spouse, friend, etc.) as it would violate the terms you agreed to at the point of purchase and be subject to immediate termination.
Another target of the alleged hack was a product which goes way beyond monitoring your child or employee. We understand the position of privacy advocates when it comes to monitoring individuals other than your child or employee. However, the person who breached our security and destroyed the data does not sympathize with the thousands of us parents and employers who have legitimate purposes for monitoring our smartphones and computers with appropriate consent.
We have heard from our customers over and over again about how they have found innumerable safety benefits in the services we provide. Our software has saved lives and stopped child predators. We stand behind our customers when it comes to the shock and outrage over the actions of this theft. We want to make sure this never happens again and we want to be clear that in no way do we condone use of our services outside of what is outlined in our terms and policies.
We’re Here to Help
Please let us know if we can be of further assistance. You can contact us by Live Chat on any of our websites or you can submit a support ticket by emailing firstname.lastname@example.org
If you are a member of law enforcement or legal authority, we will cooperate to provide any pertinent or relevant information required. Please email email@example.com with any requests.
Media inquiries should be directed to firstname.lastname@example.org.
Retina-X Studios, LLC is committed to helping our customers keep their kids safe and we will continue to provide strengthened security and further innovations in the smartphone monitoring industry. We truly appreciate the support and loyalty we have received from our customers for nearly fifteen years.
We expect to move forward from this with our new security measures in place and our focus to provide professional monitoring solutions for parents and employers who require accountability with the devices they provide their children and employees.