Data dumps are being sold or abused by criminals, reports claim.
Data from the cyberattack on the snooping tool mSpy appears to be being exploited by hackers after leaking onto the deep web, according to a report from security blogger Brian Krebs.
Criminals frequenting the Hell forum, which can only be reached through the anonymous Tor network, were said to be using the mSpy data to deduce passwords and usernames for Apple’s iTunes service.
Ping, a moderator on the forums, reportedly wrote that users could login to the Apple accounts using Tor and be "perfectly safe", and could also abuse the "Find My iPhone" feature to gain money from account holders.
"Wipe data and set a message that they been hacked and the only way to get their data back is to pay a ransom," Ping suggested.
The report follows attempts from mSpy to play down suggestions it had been compromised, with a spokeswoman telling CBR last Tuesday that the company had received "frequent threats" of such hacking in the past.
"We never have or ever will fall for provocations of third parties and our only response for such ‘ventures’ will be further securitisation of any corporate and customer related data," she said, writing in an email.
However last week the company was forced to admit that it had been hacked and that customer records had been leaked online, prompting an investigation from the Information Commissioner’s Office in the UK.
Similar reports have also been published alleging that a database copied from Adult Friend Finder was being sold for around $17,000 (£11,000) worth of Bitcoins during March.
Writing in a security update last Friday, the dating site said: "As is common with similar cyberattack events, until the investigation is completed, it will be difficult to confirm the full scope of the incident, but we will continue to work vigilantly to address this potential issue and will provide updates on this site as we learn more from our investigation."
It insisted that at the time of writing there was "no evidence" that financial data or passwords had been compromised.